Vulnerabilities > Wordpress > Wordpress > 1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-09 | CVE-2007-0107 | SQL Injection vulnerability in WordPress Charset Decoding WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. network wordpress | 6.8 |
| 2006-12-28 | CVE-2006-6808 | HTML Injection vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. network wordpress | 6.8 |
| 2006-11-21 | CVE-2006-6017 | Denial-Of-Service vulnerability in WordPress WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | 4.0 |
| 2006-11-21 | CVE-2006-6016 | Remote Security vulnerability in WordPress wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | 4.0 |
| 2006-11-04 | CVE-2006-5705 | Multiple Security vulnerability in WordPress 2.04 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. network wordpress | 6.0 |
| 2006-05-30 | CVE-2006-2667 | Remote PHP Code Injection vulnerability in WordPress Username Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | 7.5 |
| 2006-04-17 | CVE-2006-1796 | Cross-Site Scripting vulnerability in WordPress Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). network wordpress | 6.8 |
| 2005-05-02 | CVE-2005-1102 | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. network wordpress | 6.8 |