Wordpress

Wordpress

381 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 3.75%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 16.06.2026 22:49:06

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.p...

Exploit
  • EPSS 3.31%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 16.06.2026 22:49:06

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

Exploit
  • EPSS 3.42%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 16.06.2026 22:49:07

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/ad...

Exploit
  • EPSS 9.16%
  • Veröffentlicht 12.12.2007 00:46:00
  • Zuletzt bearbeitet 16.06.2026 22:47:49

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings ...

Exploit
  • EPSS 3.28%
  • Veröffentlicht 19.11.2007 21:46:00
  • Zuletzt bearbeitet 16.06.2026 22:47:15

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

  • EPSS 7%
  • Veröffentlicht 30.10.2007 19:46:00
  • Zuletzt bearbeitet 16.06.2026 22:46:40

Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.

  • EPSS 4.38%
  • Veröffentlicht 26.09.2007 22:17:00
  • Zuletzt bearbeitet 16.06.2026 22:45:27

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.

Exploit
  • EPSS 2.22%
  • Veröffentlicht 26.09.2007 22:17:00
  • Zuletzt bearbeitet 16.06.2026 22:45:27

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.

  • EPSS 1.52%
  • Veröffentlicht 14.09.2007 18:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:57

wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data t...

  • EPSS 3.64%
  • Veröffentlicht 14.09.2007 18:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:57

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XM...