CVE-2006-0733
- EPSS 0.83%
- Published 16.02.2006 11:02:00
- Last modified 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the r...
- EPSS 1.58%
- Published 21.12.2005 22:03:00
- Last modified 03.04.2025 01:03:51
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, an...
CVE-2005-2612
- EPSS 73.42%
- Published 17.08.2005 04:00:00
- Last modified 03.04.2025 01:03:51
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2005-2107
- EPSS 0.91%
- Published 05.07.2005 04:00:00
- Last modified 03.04.2025 01:03:51
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.
CVE-2005-2108
- EPSS 1.06%
- Published 05.07.2005 04:00:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
- EPSS 1.08%
- Published 05.07.2005 04:00:00
- Last modified 03.04.2025 01:03:51
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
- EPSS 1.23%
- Published 05.07.2005 04:00:00
- Last modified 03.04.2025 01:03:51
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an...
CVE-2005-1810
- EPSS 1.64%
- Published 01.06.2005 04:00:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.
CVE-2005-1687
- EPSS 0.84%
- Published 20.05.2005 04:00:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in wp-trackback.php in WordPress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
- EPSS 0.62%
- Published 20.05.2005 04:00:00
- Last modified 03.04.2025 01:03:51
WordPress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.