WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 896
CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via ...
CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites d ...
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
CVE-2007-1244
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
CVE-2007-1244
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ...
CVE-2007-1244
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
CVE-2007-1230
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
CVE-2007-1230
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-1409 WordPress allows remote attackers to obtain sensitive information via ... | CVSS2: 5 | 1% Низкий | больше 18 лет назад |
 | CVE-2007-1409 WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | CVSS2: 5 | 1% Низкий | больше 18 лет назад |
 | CVE-2007-1277 WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. | CVSS2: 7.5 | 85% Высокий | больше 18 лет назад |
| CVE-2007-1277 WordPress 2.1.1, as downloaded from some official distribution sites d ... | CVSS2: 7.5 | 85% Высокий | больше 18 лет назад |
| CVE-2007-1277 WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. | CVSS2: 7.5 | 85% Высокий | больше 18 лет назад |
| CVE-2007-1244 Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter. | CVSS2: 6.8 | 8% Низкий | больше 18 лет назад |
| CVE-2007-1244 Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ... | CVSS2: 6.8 | 8% Низкий | больше 18 лет назад |
| CVE-2007-1244 Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter. | CVSS2: 6.8 | 8% Низкий | больше 18 лет назад |
| CVE-2007-1230 Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049. | CVSS2: 5.8 | 1% Низкий | больше 18 лет назад |
| CVE-2007-1230 Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ... | CVSS2: 5.8 | 1% Низкий | больше 18 лет назад |
Уязвимостей на страницу