CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3544 – WordPress Core <= 2.2.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-3544
03 Jul 2007 — Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. Vulnerabilidad e envío de archivo no restringido en (1) wp-app.php y (2) app.php de WordPresss 2.2.1 y WordPr... • http://osvdb.org/37294 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3238
https://notcve.org/view.php?id=CVE-2007-3238
15 Jun 2007 — Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en functions.php en el tema po... • http://blogsecurity.net/wordpress/news/news-100607-1 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3241 – Cordobo Green Park (All Versions) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3241
15 Jun 2007 — Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en blogroll.php en el tema cordobo-green-park para WordPress permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la porción PHP_SELF de un URI. • http://osvdb.org/36817 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3240 – Vistered Little (Unspecified Version) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3240
14 Jun 2007 — Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en 404.php en el tema Vistered-Little para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del URI(REQUEST_URI) que... • http://osvdb.org/37441 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2007-3140 – WordPress Core <= 2.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-3140
08 Jun 2007 — SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. Vulnerabilidad de inyección SQL en xmlrpc.php de WordPress 2.2 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través de un valor de parámetro en una llamada de método XML RPC wp.suggestCategories, vector distinto de CVE-2007-1897. • https://www.exploit-db.com/exploits/4039 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3239 – AndyBlue Theme < 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3239
08 Jun 2007 — Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en searchform.php en el tema AndyBlue versiones anteriores a 20070607 para WordPress permite a atacantes remotos inyectar scripts web o HTML de... • http://osvdb.org/36379 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 3CVE-2007-2821 – WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
https://notcve.org/view.php?id=CVE-2007-2821
22 May 2007 — SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. Vulnerabilidad de inyección SQL en wp-admin/admin-ajax.php en WordPress anterior a 2.2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cookie. • https://www.exploit-db.com/exploits/3960 •
CVSS: 6.4EPSS: 5%CPEs: 12EXPL: 0CVE-2007-1894 – WordPress Core <= 2.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1894
03 Apr 2007 — Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-includes/general-template.php de WordPress anterior a 09/03/2007 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro year en la función wp_title. • http://chxsecurity.org/advisories/adv-1-mid.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 3CVE-2007-1897 – WordPress Core < 2.1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-1897
03 Apr 2007 — SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. Una vulnerabilidad de inyección SQL en xmlrpc (xmlrpc.php) en WordPress versión 2.1.2, y probablemente anteriores, permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio de un valor del parámetro string en una ll... • https://www.exploit-db.com/exploits/3656 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 6CVE-2008-0192 – WordPress Core <= 2.0.9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0192
03 Apr 2007 — Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.0.9 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro popuptitle de (1) wp-admin/post.php o (2) wp-admin/page-new.php... • https://www.exploit-db.com/exploits/30978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •