CVSS: 6.4EPSS: 5%CPEs: 12EXPL: 0CVE-2007-1894 – WordPress Core <= 2.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1894
03 Apr 2007 — Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-includes/general-template.php de WordPress anterior a 09/03/2007 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro year en la función wp_title. • http://chxsecurity.org/advisories/adv-1-mid.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 14EXPL: 2CVE-2007-1622 – WordPress Core <= 2.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1622
23 Mar 2007 — Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-admin/vars.php en WordPress anterior a 2.0.10 RC2, y anterior a 2.1.3 RC2 en las series 2.1, permite ... • https://www.exploit-db.com/exploits/29754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0700 – WordPress Core <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0700
11 Feb 2007 — Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Wordpress en versiones anteriores a v3.0.5, permite a atacantes remotos inyect... • http://codex.wordpress.org/Version_3.0.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •