Wordpress

Wordpress

377 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2007-6013

Exploit
  • EPSS 1.68%
  • Veröffentlicht 19.11.2007 21:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

2.6

CVE-2007-5710

  • EPSS 3.34%
  • Veröffentlicht 30.10.2007 19:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.

4.3

CVE-2007-5105

  • EPSS 1.75%
  • Veröffentlicht 26.09.2007 22:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.

4.3

CVE-2007-5106

Exploit
  • EPSS 0.39%
  • Veröffentlicht 26.09.2007 22:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.

4.3

CVE-2007-4893

  • EPSS 1.61%
  • Veröffentlicht 14.09.2007 18:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data t...

7.5

CVE-2007-4894

  • EPSS 4.03%
  • Veröffentlicht 14.09.2007 18:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XM...

4.3

CVE-2007-4544

  • EPSS 0.15%
  • Veröffentlicht 27.08.2007 23:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).

2.1

CVE-2007-4153

Exploit
  • EPSS 0.5%
  • Veröffentlicht 03.08.2007 20:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the op...

6.5

CVE-2007-4154

  • EPSS 0.72%
  • Veröffentlicht 03.08.2007 20:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4...

4.3

CVE-2007-4139

Exploit
  • EPSS 0.8%
  • Veröffentlicht 03.08.2007 10:17:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1, allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php.