Логотип exploitDog
product: "wordpress"
Консоль
Логотип exploitDog

exploitDog

product: "wordpress"
WordPress

WordPressсвободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress
Вендор: Wordpress

График релизов

6.36.46.56.66.76.82023202420252026

Недавние уязвимости WordPress

Количество 1 894

nvd логотип

CVE-2006-6017

больше 18 лет назад

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVSS3: 6.5
EPSS: Низкий
debian логотип

CVE-2006-6016

больше 18 лет назад

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ...

CVSS3: 6.5
EPSS: Низкий
debian логотип

CVE-2006-6017

больше 18 лет назад

WordPress before 2.0.5 does not properly store a profile containing a ...

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2006-6017

больше 18 лет назад

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2006-6016

больше 18 лет назад

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CVSS3: 6.5
EPSS: Низкий
nvd логотип

CVE-2006-5705

почти 19 лет назад

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

CVSS2: 6
EPSS: Низкий
debian логотип

CVE-2006-5705

почти 19 лет назад

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ...

CVSS2: 6
EPSS: Низкий
ubuntu логотип

CVE-2006-5705

почти 19 лет назад

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

CVSS2: 6
EPSS: Низкий
nvd логотип

CVE-2006-4743

почти 19 лет назад

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp

CVSS2: 5
EPSS: Низкий
debian логотип

CVE-2006-4743

почти 19 лет назад

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ...

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVSS3: 6.5
2%
Низкий
больше 18 лет назад
debian логотип
CVE-2006-6016

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ...

CVSS3: 6.5
1%
Низкий
больше 18 лет назад
debian логотип
CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a ...

CVSS3: 6.5
2%
Низкий
больше 18 лет назад
ubuntu логотип
CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVSS3: 6.5
2%
Низкий
больше 18 лет назад
ubuntu логотип
CVE-2006-6016

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CVSS3: 6.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2006-5705

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

CVSS2: 6
4%
Низкий
почти 19 лет назад
debian логотип
CVE-2006-5705

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ...

CVSS2: 6
4%
Низкий
почти 19 лет назад
ubuntu логотип
CVE-2006-5705

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

CVSS2: 6
4%
Низкий
почти 19 лет назад
nvd логотип
CVE-2006-4743

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp

CVSS2: 5
1%
Низкий
почти 19 лет назад
debian логотип
CVE-2006-4743

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ...

CVSS2: 5
1%
Низкий
почти 19 лет назад

Уязвимостей на страницу


Поделиться