CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 2CVE-2007-2714 – Akismet Spam Protection < 2.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2714
14 May 2007 — Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors. Vulnerabilidad no especificada en akismet.php de Matt Mullenweg Akismet anterior a 2.0.2, una extensión (plugin) de WordPress, tiene impacto y vectores de ataque desconocidos. The Akismet Spam Protection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _wp_http_referer’ parameter in versions before 2.0.2 due to insufficient ... • https://www.exploit-db.com/exploits/30036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 2CVE-2006-6863 – WordPress Plugin Enigma 2 Bridge - 'boarddir' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-6863
31 Dec 2006 — PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value ** IMPUGNADO ** Vulnerabilidad PHP de inclusión remota de archivo en el plugin Enigma2 (Enigma2.php) en Enigma WordPress Bridge permite a un atacante remoto ejecutar código PHP de su elección a través de una URL en el parámetro board... • https://www.exploit-db.com/exploits/3051 •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2006-4028 – WordPress Core < 2.0.4 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4028
09 Jul 2006 — Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. ... Múltiples vulnerabilidades no especificadas en WordPress anteriores a 2.0.4 tienen impacto y vectores de ataque desconocidos. • http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-10002 – almosteffortless secure-files Plugin secure-files.php sf_downloads path traversal
https://notcve.org/view.php?id=CVE-2005-10002
03 Oct 2005 — A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. ... Una vulnerabilidad clasificada como crítica fue encontrada en el complemento almosteffortless secure-files hasta 1.1 en WordPress. ... Es wurde eine Schwachstelle in almosteffortless secure-files Plugin bis 1.1 für WordPress gefunden. ... The secure-files plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1... • https://github.com/wp-plugins/secure-files/commit/cab025e5fc2bcdad8032d833ebc38e6bd2a13c92 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •