WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 894
CVE-2007-1732
Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor
CVE-2007-1622
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
CVE-2007-1622
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ...
CVE-2007-1622
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
CVE-2007-1599
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.
CVE-2007-1599
wp-login.php in WordPress allows remote attackers to redirect authenti ...
CVE-2007-1599
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.
CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via ...
CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-1732 Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor | CVSS2: 3.5 | 0% Низкий | больше 18 лет назад |
 | CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. | CVSS2: 4.3 | 4% Низкий | больше 18 лет назад |
| CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ... | CVSS2: 4.3 | 4% Низкий | больше 18 лет назад |
| CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. | CVSS2: 4.3 | 4% Низкий | больше 18 лет назад |
| CVE-2007-1599 wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | CVSS2: 6.5 | 1% Низкий | больше 18 лет назад |
| CVE-2007-1599 wp-login.php in WordPress allows remote attackers to redirect authenti ... | CVSS2: 6.5 | 1% Низкий | больше 18 лет назад |
| CVE-2007-1599 wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | CVSS2: 6.5 | 1% Низкий | больше 18 лет назад |
| CVE-2007-1409 WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2007-1409 WordPress allows remote attackers to obtain sensitive information via ... | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2007-1409 WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
Уязвимостей на страницу