Vulnerabilities > Wordpress
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-30 | CVE-2007-5710 | Cross-Site Scripting vulnerability in Wordpress 2.3 Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter. | 2.6 |
2007-09-26 | CVE-2007-5106 | Cross-Site Scripting vulnerability in Wordpress 2.0 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. | 4.3 |
2007-09-26 | CVE-2007-5105 | Cross-Site Scripting vulnerability in Wordpress 2.0/2.0.1 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. | 4.3 |
2007-09-14 | CVE-2007-4894 | SQL Injection vulnerability in Wordpress Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | 7.5 |
2007-09-14 | CVE-2007-4893 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | 4.3 |
2007-08-27 | CVE-2007-4544 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress MU Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field). | 4.3 |
2007-08-22 | CVE-2007-4483 | Cross-Site Scripting vulnerability in Wordpress Wordpressclassic 1.5 Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). network wordpress | 4.3 |
2007-08-22 | CVE-2007-4482 | Cross-Site Scripting vulnerability in Wordpress Pool 1.0.7 Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). network wordpress | 4.3 |
2007-08-22 | CVE-2007-4481 | Cross-Site Scripting vulnerability in Blix Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). network wordpress | 4.3 |
2007-08-22 | CVE-2007-4480 | Cross-Site Scripting vulnerability in Wordpress Sirius 1.0 Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). network wordpress | 4.3 |