WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 894
CVE-2006-2702
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
CVE-2006-2702
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earl ...
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVE-2006-1796
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
CVE-2006-1796
Cross-site scripting (XSS) vulnerability in the paging links functiona ...
CVE-2006-1263
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-1263
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in W ...
CVE-2006-1263
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2006-2702 vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. | CVSS2: 5 | 2% Низкий | около 19 лет назад |
| CVE-2006-2702 vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ... | CVSS2: 5 | 2% Низкий | около 19 лет назад |
| CVE-2006-2667 Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | CVSS2: 7.5 | 32% Средний | около 19 лет назад |
| CVE-2006-2667 Direct static code injection vulnerability in WordPress 2.0.2 and earl ... | CVSS2: 7.5 | 32% Средний | около 19 лет назад |
 | CVE-2006-2667 Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | CVSS2: 7.5 | 32% Средний | около 19 лет назад |
| CVE-2006-1796 Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). | CVSS2: 6.8 | 0% Низкий | больше 19 лет назад |
| CVE-2006-1796 Cross-site scripting (XSS) vulnerability in the paging links functiona ... | CVSS2: 6.8 | 0% Низкий | больше 19 лет назад |
| CVE-2006-1263 Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
| CVE-2006-1263 Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in W ... | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
| CVE-2006-1263 Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
Уязвимостей на страницу