WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 894

CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
CVE-2006-6016
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ...
CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a ...

CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVE-2006-6016
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.
CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ...

CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp
CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
---|---|---|---|---|
![]() | CVE-2006-6017 WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | CVSS3: 6.5 | 2% Низкий | больше 18 лет назад |
CVE-2006-6016 wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ... | CVSS3: 6.5 | 1% Низкий | больше 18 лет назад | |
CVE-2006-6017 WordPress before 2.0.5 does not properly store a profile containing a ... | CVSS3: 6.5 | 2% Низкий | больше 18 лет назад | |
![]() | CVE-2006-6017 WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | CVSS3: 6.5 | 2% Низкий | больше 18 лет назад |
![]() | CVE-2006-6016 wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | CVSS3: 6.5 | 1% Низкий | больше 18 лет назад |
![]() | CVE-2006-5705 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. | CVSS2: 6 | 4% Низкий | почти 19 лет назад |
CVE-2006-5705 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ... | CVSS2: 6 | 4% Низкий | почти 19 лет назад | |
![]() | CVE-2006-5705 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. | CVSS2: 6 | 4% Низкий | почти 19 лет назад |
![]() | CVE-2006-4743 WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp | CVSS2: 5 | 1% Низкий | почти 19 лет назад |
CVE-2006-4743 WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ... | CVSS2: 5 | 1% Низкий | почти 19 лет назад |
Уязвимостей на страницу