Wordpress

Wordpress

377 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2006-1263

  • EPSS 0.34%
  • Veröffentlicht 19.03.2006 02:02:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

7.5

CVE-2006-1012

  • EPSS 1.87%
  • Veröffentlicht 06.03.2006 21:02:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

4.3

CVE-2006-0985

Exploit
  • EPSS 0.89%
  • Veröffentlicht 03.03.2006 11:02:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.

5

CVE-2006-0986

Exploit
  • EPSS 2.18%
  • Veröffentlicht 03.03.2006 11:02:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ d...

2.6

CVE-2006-0733

Exploit
  • EPSS 0.83%
  • Veröffentlicht 16.02.2006 11:02:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the r...

5

CVE-2005-4463

Exploit
  • EPSS 1.61%
  • Veröffentlicht 21.12.2005 22:03:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, an...

7.5

CVE-2005-2612

Exploit
  • EPSS 73.42%
  • Veröffentlicht 17.08.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

4.3

CVE-2005-2107

Exploit
  • EPSS 0.91%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.

7.5

CVE-2005-2108

Exploit
  • EPSS 1.06%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.

5

CVE-2005-2109

  • EPSS 1.08%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.