WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 896
CVE-2008-2146
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extra ...
CVE-2008-2146
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
CVE-2008-2068
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2068
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remot ...
CVE-2008-2068
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1930
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
CVE-2008-1930
The cookie authentication method in WordPress 2.5 relies on a hash of ...
CVE-2008-1930
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
CVE-2008-1982
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
CVE-2008-2068
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2008-2146 wp-includes/vars.php in Wordpress before 2.2.3 does not properly extra ... | CVSS2: 7.5 | 1% Низкий | больше 17 лет назад |
 | CVE-2008-2146 wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. | CVSS2: 7.5 | 1% Низкий | больше 17 лет назад |
 | CVE-2008-2068 Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
| CVE-2008-2068 Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remot ... | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
| CVE-2008-2068 Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
| CVE-2008-1930 The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. | CVSS2: 7.5 | 8% Низкий | больше 17 лет назад |
| CVE-2008-1930 The cookie authentication method in WordPress 2.5 relies on a hash of ... | CVSS2: 7.5 | 8% Низкий | больше 17 лет назад |
| CVE-2008-1930 The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. | CVSS2: 7.5 | 8% Низкий | больше 17 лет назад |
| CVE-2008-1982 SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | CVSS2: 7.5 | 1% Низкий | больше 17 лет назад |
 | CVE-2008-2068 Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 1% Низкий | больше 17 лет назад |
Уязвимостей на страницу