WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.

Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.

WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensit ...

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...

Multiple cross-site scripting (XSS) vulnerabilities in post.php in Wor ...

Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.

WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.