CVE-2007-3239
- EPSS 0.82%
- Published 15.06.2007 01:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged...
CVE-2007-3240
- EPSS 0.73%
- Published 15.06.2007 01:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code...
CVE-2007-3241
- EPSS 0.29%
- Published 15.06.2007 01:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.
CVE-2007-3140
- EPSS 2.57%
- Published 08.06.2007 16:30:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
CVE-2007-2821
- EPSS 5.69%
- Published 22.05.2007 21:30:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
CVE-2007-2627
- EPSS 1.03%
- Published 11.05.2007 17:19:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than...
CVE-2007-1893
- EPSS 0.19%
- Published 09.04.2007 20:19:00
- Last modified 09.04.2025 00:30:58
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously sa...
CVE-2007-1894
- EPSS 5.6%
- Published 09.04.2007 20:19:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
CVE-2007-1897
- EPSS 2.59%
- Published 09.04.2007 20:19:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to t...
CVE-2007-1732
- EPSS 0.44%
- Published 28.03.2007 20:19:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is u...