CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6016 – WordPress Core < 2.0.5 - User Metadata Information Disclosure
https://notcve.org/view.php?id=CVE-2006-6016
18 Sep 2006 — wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. wp-admin/user-edit.php en WordPress anterior a 2.0.5 permite a atacantes remotos autenticados leer la metainformación de un usuario de su elección mediante un parámetro user_id modificado. • http://bugs.gentoo.org/show_bug.cgi?id=153303 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2008-0194 – WordPress Core <= 2.0.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2008-0194
29 Jul 2006 — Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. Vulnerabilidad de salto de directorio en wp-db-backup.php de WordPress 2.0.3 y anteriores permite a atacantes remotos leer y borrar archivos de su elección, y provocar una denegació... • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 2CVE-2006-2667 – WordPress Core < 2.0.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-2667
30 May 2006 — Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. • https://www.exploit-db.com/exploits/6 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-1263 – WordPress Core < 2.0.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1263
10 Mar 2006 — Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://wordpress.org/development/2006/03/security-202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2006-1796 – WordPress Core < 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1796
31 Jan 2006 — Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1688 – WordPress Core < 1.5.1 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2005-1688
09 May 2005 — Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. • http://marc.info/?l=bugtraq&m=111661517716733&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1102 – WordPress Core <= 1.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1102
13 Apr 2005 — Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. • http://bugs.gentoo.org/show_bug.cgi?id=88926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2003-1599 – WordPress Core <= 0.70 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2003-1599
09 Jun 2003 — PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. Una vulnerabilidad de inclusión de archivo PHP remota en archivo wp-links/links.all.php en WordPress versión 0.70, permite a los atacantes remotos ejecutar código PHP arbitrario por medio de una URL en la variable $abspath. • http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •