WordPress

360 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 1.44%
  • Published 31.05.2006 10:06:00
  • Last modified 03.04.2025 01:03:51

vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

Exploit
  • EPSS 32.19%
  • Published 30.05.2006 21:02:00
  • Last modified 03.04.2025 01:03:51

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence in...

  • EPSS 0.46%
  • Published 17.04.2006 20:06:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in WordPress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explor...

  • EPSS 0.34%
  • Published 19.03.2006 02:02:00
  • Last modified 03.04.2025 01:03:51

Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • EPSS 1.87%
  • Published 06.03.2006 21:02:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

Exploit
  • EPSS 0.89%
  • Published 03.03.2006 11:02:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.

Exploit
  • EPSS 2.18%
  • Published 03.03.2006 11:02:00
  • Last modified 03.04.2025 01:03:51

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ d...

Exploit
  • EPSS 0.83%
  • Published 16.02.2006 11:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the r...

Exploit
  • EPSS 1.58%
  • Published 21.12.2005 22:03:00
  • Last modified 03.04.2025 01:03:51

WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, an...

Exploit
  • EPSS 73.42%
  • Published 17.08.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.