WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 896
CVE-2007-5106
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...
CVE-2007-5105
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...
CVE-2007-5105
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
CVE-2007-5106
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ...
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ...
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-5106 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ... | CVSS2: 4.3 | 0% Низкий | около 18 лет назад |
| CVE-2007-5105 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ... | CVSS2: 4.3 | 2% Низкий | около 18 лет назад |
 | CVE-2007-5105 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. | CVSS2: 4.3 | 2% Низкий | около 18 лет назад |
| CVE-2007-5106 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. | CVSS2: 4.3 | 0% Низкий | около 18 лет назад |
 | CVE-2007-4894 Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | CVSS2: 7.5 | 4% Низкий | около 18 лет назад |
| CVE-2007-4893 wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | CVSS2: 4.3 | 1% Низкий | около 18 лет назад |
| CVE-2007-4894 Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ... | CVSS2: 7.5 | 4% Низкий | около 18 лет назад |
| CVE-2007-4893 wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ... | CVSS2: 4.3 | 1% Низкий | около 18 лет назад |
| CVE-2007-4893 wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | CVSS2: 4.3 | 1% Низкий | около 18 лет назад |
| CVE-2007-4894 Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | CVSS2: 7.5 | 4% Низкий | около 18 лет назад |
Уязвимостей на страницу