Vulnerabilities > Wordpress > Wordpress > 0.71
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-21 | CVE-2006-6016 | Remote Security vulnerability in WordPress wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | 4.0 |
2006-11-04 | CVE-2006-5705 | Multiple Security vulnerability in WordPress 2.04 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. network wordpress | 6.0 |
2006-05-30 | CVE-2006-2667 | Remote PHP Code Injection vulnerability in WordPress Username Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | 7.5 |
2006-04-17 | CVE-2006-1796 | Cross-Site Scripting vulnerability in WordPress Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). network wordpress | 6.8 |
2006-03-19 | CVE-2006-1263 | Cross-Site Scripting vulnerability in WordPress Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network wordpress | 4.3 |
2005-05-02 | CVE-2005-1102 | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. network wordpress | 6.8 |