CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-3140 – WordPress Core <= 2.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-3140
08 Jun 2007 — SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. Vulnerabilidad de inyección SQL en xmlrpc.php de WordPress 2.2 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través de un valor de parámetro en una llamada de método XML RPC wp.suggestCategories, vector distinto de CVE-2007-1897. • https://www.exploit-db.com/exploits/4039 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2007-3239 – AndyBlue Theme < 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3239
08 Jun 2007 — Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en searchform.php en el tema AndyBlue versiones anteriores a 20070607 para WordPress permite a atacantes remotos inyectar scripts web o HTML de... • http://osvdb.org/36379 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2007-2821 – WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
https://notcve.org/view.php?id=CVE-2007-2821
22 May 2007 — SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. Vulnerabilidad de inyección SQL en wp-admin/admin-ajax.php en WordPress anterior a 2.2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cookie. • https://www.exploit-db.com/exploits/3960 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 3CVE-2007-1897 – WordPress Core < 2.1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-1897
03 Apr 2007 — SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. Una vulnerabilidad de inyección SQL en xmlrpc (xmlrpc.php) en WordPress versión 2.1.2, y probablemente anteriores, permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio de un valor del parámetro string en una ll... • https://www.exploit-db.com/exploits/3656 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2007-1894 – WordPress Core <= 2.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1894
03 Apr 2007 — Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-includes/general-template.php de WordPress anterior a 09/03/2007 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro year en la función wp_title. • http://chxsecurity.org/advisories/adv-1-mid.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 6CVE-2008-0192 – WordPress Core <= 2.0.9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0192
03 Apr 2007 — Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.0.9 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro popuptitle de (1) wp-admin/post.php o (2) wp-admin/page-new.php... • https://www.exploit-db.com/exploits/30978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1893 – WordPress Core < 2.1.3 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2007-1893
03 Apr 2007 — xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." xmlrpc (xmlrpc.php) en WordPress versión 2.1.2, y probablemente anteriores, permite a usuarios autenticados remotos con el rol de colaborador omitir las restricciones de acceso previstas e invocar la funcionalidad publish_posts, que puede ser usada pa... • http://secunia.com/advisories/24751 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1732
https://notcve.org/view.php?id=CVE-2007-1732
28 Mar 2007 — Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor ** IMPUGNADO ** Vulnerabilida... • http://codex.wordpress.org/Roles_and_Capabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 2CVE-2007-1622 – WordPress Core <= 2.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1622
23 Mar 2007 — Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-admin/vars.php en WordPress anterior a 2.0.10 RC2, y anterior a 2.1.3 RC2 en las series 2.1, permite ... • https://www.exploit-db.com/exploits/29754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1599 – WordPress Core < 2.0.10 - Open Redirect
https://notcve.org/view.php?id=CVE-2007-1599
22 Mar 2007 — wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. wp-login.php de WordPress permite a atacantes remotos redirigir a usuarios autenticados a otros sitios web y potencialmente obtener información confidencial a través del parámetro redirect_to. • http://secunia.com/advisories/30960 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •