WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 906
CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...
CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
CVE-2008-0664
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
CVE-2008-0664
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, whe ...
CVE-2008-0664
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
CVE-2008-0664
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
CVE-2008-0195
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
CVE-2008-0194
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2008-1304 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. | CVSS2: 4.3 | 3% Низкий | почти 18 лет назад |
| CVE-2008-1304 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ... | CVSS2: 4.3 | 3% Низкий | почти 18 лет назад |
 | CVE-2008-1304 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. | CVSS2: 4.3 | 3% Низкий | почти 18 лет назад |
 | CVE-2008-1304 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. | 3% Низкий | почти 18 лет назад | |
| CVE-2008-0664 The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | CVSS2: 6.4 | 7% Низкий | почти 18 лет назад |
| CVE-2008-0664 The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, whe ... | CVSS2: 6.4 | 7% Низкий | почти 18 лет назад |
| CVE-2008-0664 The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | CVSS2: 6.4 | 7% Низкий | почти 18 лет назад |
| CVE-2008-0664 The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | 7% Низкий | около 18 лет назад | |
| CVE-2008-0195 WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. | CVSS2: 5 | 2% Низкий | около 18 лет назад |
| CVE-2008-0194 Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. | CVSS2: 7.5 | 1% Низкий | около 18 лет назад |
Уязвимостей на страницу