WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 896
CVE-2007-2627
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
CVE-2007-1894
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
CVE-2007-1897
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
CVE-2007-1893
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
CVE-2007-1897
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...
CVE-2007-1893
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ...
CVE-2007-1894
Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ...
CVE-2007-1894
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
CVE-2007-1897
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
CVE-2007-1893
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-2627 Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад |
 | CVE-2007-1894 Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. | CVSS2: 4.3 | 6% Низкий | больше 18 лет назад |
| CVE-2007-1897 SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | CVSS2: 6.5 | 2% Низкий | больше 18 лет назад |
| CVE-2007-1893 xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." | CVSS2: 4.9 | 0% Низкий | больше 18 лет назад |
| CVE-2007-1897 SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ... | CVSS2: 6.5 | 2% Низкий | больше 18 лет назад |
| CVE-2007-1893 xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ... | CVSS2: 4.9 | 0% Низкий | больше 18 лет назад |
| CVE-2007-1894 Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ... | CVSS2: 4.3 | 6% Низкий | больше 18 лет назад |
| CVE-2007-1894 Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. | CVSS2: 4.3 | 6% Низкий | больше 18 лет назад |
| CVE-2007-1897 SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | CVSS2: 6.5 | 2% Низкий | больше 18 лет назад |
| CVE-2007-1893 xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." | CVSS2: 4.9 | 0% Низкий | больше 18 лет назад |
Уязвимостей на страницу