Vulnerabilities > Wordpress > Wordpress > 1.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-04 | CVE-2006-5705 | Multiple Security vulnerability in WordPress 2.04 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. network wordpress | 6.0 |
2006-05-30 | CVE-2006-2667 | Remote PHP Code Injection vulnerability in WordPress Username Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | 7.5 |
2006-04-17 | CVE-2006-1796 | Cross-Site Scripting vulnerability in WordPress Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). network wordpress | 6.8 |
2006-03-19 | CVE-2006-1263 | Cross-Site Scripting vulnerability in WordPress Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network wordpress | 4.3 |
2006-03-06 | CVE-2006-1012 | SQL Injection vulnerability in Wordpress 1.5.2 SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. | 7.5 |