WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress

Вендор: Wordpress

График релизов

Недавние уязвимости WordPress

Количество 1 894

CVE-2003-1599

почти 11 лет назад

PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.

CVSS2: 7.5

EPSS: Низкий

CVE-2003-1599

почти 11 лет назад

WordPress 0.7 allows remote execution of commands. / Wp-links / links.all.php. An attacker can inject a url in $ abspath and get remote execution of commands with the privileges of the server web (usually nobody).

CVSS2: 7.5

EPSS: Низкий

CVE-2003-1598

почти 11 лет назад

SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVSS2: 7.5

EPSS: Низкий

CVE-2003-1598

почти 11 лет назад

SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...

CVSS2: 7.5

EPSS: Низкий

CVE-2003-1598

почти 11 лет назад

WordPress 0.7 (b2 cafelog code) allows SQL injection. / Blog.header.php. $ posts not converted to an integer, so we can inject sql in this variable. In MySQL 4.x can use UNION and subselects to obtain privileges.

CVSS2: 7.5

EPSS: Низкий

CVE-2014-5266

около 11 лет назад

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

CVSS2: 5

EPSS: Высокий

CVE-2014-5266

около 11 лет назад

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...

CVSS2: 5

EPSS: Высокий

CVE-2014-5265

около 11 лет назад

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVSS2: 5

EPSS: Низкий

CVE-2014-5265

около 11 лет назад

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...

CVSS2: 5

EPSS: Низкий

CVE-2014-5240

около 11 лет назад

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

CVSS2: 2.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2003-1599 PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.	CVSS2: 7.5	1% Низкий	почти 11 лет назад
CVE-2003-1599 WordPress 0.7 allows remote execution of commands. / Wp-links / links.all.php. An attacker can inject a url in $ abspath and get remote execution of commands with the privileges of the server web (usually nobody).	CVSS2: 7.5	1% Низкий	почти 11 лет назад
CVE-2003-1598 SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.	CVSS2: 7.5	1% Низкий	почти 11 лет назад
CVE-2003-1598 SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...	CVSS2: 7.5	1% Низкий	почти 11 лет назад
CVE-2003-1598 WordPress 0.7 (b2 cafelog code) allows SQL injection. / Blog.header.php. $ posts not converted to an integer, so we can inject sql in this variable. In MySQL 4.x can use UNION and subselects to obtain privileges.	CVSS2: 7.5	1% Низкий	почти 11 лет назад
CVE-2014-5266 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.	CVSS2: 5	73% Высокий	около 11 лет назад
CVE-2014-5266 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...	CVSS2: 5	73% Высокий	около 11 лет назад
CVE-2014-5265 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.	CVSS2: 5	4% Низкий	около 11 лет назад
CVE-2014-5265 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...	CVSS2: 5	4% Низкий	около 11 лет назад
CVE-2014-5240 Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.	CVSS2: 2.1	0% Низкий	около 11 лет назад

Уязвимостей на страницу