WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress

Вендор: Wordpress

График релизов

Недавние уязвимости WordPress

Количество 1 896

CVE-2007-3238

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in functions.php in the defau ...

CVSS2: 6

EPSS: Низкий

CVE-2007-3238

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

CVSS2: 6

EPSS: Низкий

CVE-2007-3140

больше 18 лет назад

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.

CVSS2: 6.5

EPSS: Низкий

CVE-2007-3140

больше 18 лет назад

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ...

CVSS2: 6.5

EPSS: Низкий

CVE-2007-3140

больше 18 лет назад

CVSS2: 6.5

EPSS: Низкий

CVE-2007-2821

больше 18 лет назад

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-2821

больше 18 лет назад

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-2821

больше 18 лет назад

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-2627

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

CVSS2: 6.8

EPSS: Низкий

CVE-2007-2627

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...

CVSS2: 6.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2007-3238 Cross-site scripting (XSS) vulnerability in functions.php in the defau ...	CVSS2: 6	1% Низкий	больше 18 лет назад
CVE-2007-3238 Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.	CVSS2: 6	1% Низкий	больше 18 лет назад
CVE-2007-3140 SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.	CVSS2: 6.5	2% Низкий	больше 18 лет назад
CVE-2007-3140 SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ...	CVSS2: 6.5	2% Низкий	больше 18 лет назад
CVE-2007-3140 SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.	CVSS2: 6.5	2% Низкий	больше 18 лет назад
CVE-2007-2821 SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.	CVSS2: 7.5	5% Низкий	больше 18 лет назад
CVE-2007-2821 SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ...	CVSS2: 7.5	5% Низкий	больше 18 лет назад
CVE-2007-2821 SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.	CVSS2: 7.5	5% Низкий	больше 18 лет назад
CVE-2007-2627 Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.	CVSS2: 6.8	1% Низкий	больше 18 лет назад
CVE-2007-2627 Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...	CVSS2: 6.8	1% Низкий	больше 18 лет назад

Уязвимостей на страницу