Vulnerabilities > Wordpress > Wordpress > 2.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-27 | CVE-2008-3747 | Permissions, Privileges, and Access Controls vulnerability in Wordpress The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. | 7.5 |
| 2008-07-18 | CVE-2008-3233 | Cross-Site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-05-21 | CVE-2008-2392 | Improper Input Validation vulnerability in Wordpress Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard. | 9.0 |