CVSS: 5.3EPSS: 1%CPEs: 10EXPL: 0CVE-2007-1409
https://notcve.org/view.php?id=CVE-2007-1409
10 Mar 2007 — WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. WordPress permite a atacantes remotos obtener información sensible mediante una petición directa al wp-admin/admin-functions.php, que muestra la ruta (path) en un mensaje de error. • http://secunia.com/advisories/24566 •
CVSS: 9.8EPSS: 89%CPEs: 1EXPL: 3CVE-2007-1277 – WordPress Core 2.2.1 - Backdoor
https://notcve.org/view.php?id=CVE-2007-1277
03 Mar 2007 — WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. WordPress 2.1.1, descargado desde algunos sitios de distribución oficial durante febrero y marzo de 2007, contiene una puerta trasera introduci... • https://www.exploit-db.com/exploits/29702 • CWE-20: Improper Input Validation CWE-506: Embedded Malicious Code •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1230 – WordPress Core <= 2.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1230
02 Mar 2007 — Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en wp_includes/functions.php de WordPress anterior a 2.1.2-alpha permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (... • http://osvdb.org/34361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 4%CPEs: 1EXPL: 2CVE-2007-1244 – WordPress Core <= 2.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1244
02 Mar 2007 — Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el AdminPanel en WordPress 2.1.1 y anteriores permite a atacantes remotos realizar ac... • https://www.exploit-db.com/exploits/29682 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 1%CPEs: 23EXPL: 2CVE-2007-1049 – WordPress Core < 2.09 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1049
21 Feb 2007 — Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función wp_explain_nonce de la funcionalidad nonce AYS (wp-includes/functions.php) p... • https://www.exploit-db.com/exploits/29598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0700 – WordPress Core <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0700
11 Feb 2007 — Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Wordpress en versiones anteriores a v3.0.5, permite a atacantes remotos inyect... • http://codex.wordpress.org/Version_3.0.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2007-0540 – WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
https://notcve.org/view.php?id=CVE-2007-0540
29 Jan 2007 — WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. WordPress permite a atacantes remotos provocar una denegación de servicio (agotamiento de ancho de banda o hilos) mediante llamadas al servicio de pingback con un URI origen que corresponde a un archivo con un tipo de contenido binario, que es... • https://www.exploit-db.com/exploits/29522 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0541 – WordPress Core < 2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2007-0541
24 Jan 2007 — WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. WordPress permite a atacantes remotos determinar la existencia de archivos de su elección, y posiblemente leer porciones de determinados... • http://securityreason.com/securityalert/2191 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0195 – WordPress Core < 2.1 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2008-0195
22 Jan 2007 — WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. WordPress 2.0.11 y anteriores permite a atacantes remotos obtener información sensible mediante un valor vacío del parámetro page a ciertas secuencias de comandos PHP bajo wp-admin/, lo cual revela la ruta en varios mensajes de error. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0539 – WordPress Core < 2.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2007-0539
22 Jan 2007 — The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. La función wp_remote_fopen en WordPress anterior a versión 2.1 permite a los atacantes remotos causar una denegación de servicio (ancho de banda o consumo del hilo) por medio de llamadas de servicio pingback con un URI fuent... • http://securityreason.com/securityalert/2191 • CWE-400: Uncontrolled Resource Consumption •