WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 906
CVE-2014-9036
Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
CVE-2014-9032
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2003-1599
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
CVE-2003-1599
WordPress 0.7 allows remote execution of commands. / Wp-links / links.all.php. An attacker can inject a url in $ abspath and get remote execution of commands with the privileges of the server web (usually nobody).
CVE-2003-1598
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
CVE-2003-1598
SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...
CVE-2003-1598
WordPress 0.7 (b2 cafelog code) allows SQL injection. / Blog.header.php. $ posts not converted to an integer, so we can inject sql in this variable. In MySQL 4.x can use UNION and subselects to obtain privileges.
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2014-9036 Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. | CVSS2: 4.3 | 1% Низкий | около 11 лет назад |
| CVE-2014-9032 Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | около 11 лет назад |
 | CVE-2003-1599 PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. | CVSS2: 7.5 | 1% Низкий | больше 11 лет назад |
| CVE-2003-1599 WordPress 0.7 allows remote execution of commands. / Wp-links / links.all.php. An attacker can inject a url in $ abspath and get remote execution of commands with the privileges of the server web (usually nobody). | CVSS2: 7.5 | 1% Низкий | больше 11 лет назад |
| CVE-2003-1598 SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | CVSS2: 7.5 | 1% Низкий | больше 11 лет назад |
| CVE-2003-1598 SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ... | CVSS2: 7.5 | 1% Низкий | больше 11 лет назад |
| CVE-2003-1598 WordPress 0.7 (b2 cafelog code) allows SQL injection. / Blog.header.php. $ posts not converted to an integer, so we can inject sql in this variable. In MySQL 4.x can use UNION and subselects to obtain privileges. | CVSS2: 7.5 | 1% Низкий | больше 11 лет назад |
| CVE-2014-5266 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265. | CVSS2: 5 | 76% Высокий | больше 11 лет назад |
| CVE-2014-5266 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... | CVSS2: 5 | 76% Высокий | больше 11 лет назад |
| CVE-2014-5265 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | CVSS2: 5 | 7% Низкий | больше 11 лет назад |
Уязвимостей на страницу