Wordpress

Wordpress

377 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2007-3639

  • EPSS 1.15%
  • Veröffentlicht 10.07.2007 00:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions....

6

CVE-2007-3543

  • EPSS 1.69%
  • Veröffentlicht 03.07.2007 20:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadat...

6.5

CVE-2007-3544

  • EPSS 1.23%
  • Veröffentlicht 03.07.2007 20:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta...

6

CVE-2007-3238

  • EPSS 1.47%
  • Veröffentlicht 15.06.2007 01:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vuln...

4.3

CVE-2007-3239

  • EPSS 0.82%
  • Veröffentlicht 15.06.2007 01:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged...

4.3

CVE-2007-3240

  • EPSS 0.73%
  • Veröffentlicht 15.06.2007 01:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code...

4.3

CVE-2007-3241

  • EPSS 0.29%
  • Veröffentlicht 15.06.2007 01:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.

6.5

CVE-2007-3140

  • EPSS 2.57%
  • Veröffentlicht 08.06.2007 16:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.

7.5

CVE-2007-2821

Exploit
  • EPSS 5.69%
  • Veröffentlicht 22.05.2007 21:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.

6.8

CVE-2007-2627

  • EPSS 1.03%
  • Veröffentlicht 11.05.2007 17:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than...