CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2008-0194 – WordPress Core <= 2.0.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2008-0194
29 Jul 2006 — Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. Vulnerabilidad de salto de directorio en wp-db-backup.php de WordPress 2.0.3 y anteriores permite a atacantes remotos leer y borrar archivos de su elección, y provocar una denegació... • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2006-4028 – WordPress Core < 2.0.4 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4028
09 Jul 2006 — Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests). Múltiples vulnerabilidades no especificadas en WordPress anteriores a 2.0.4 tienen impacto y vectores de ataque desconocidos. NOTA: debido a la ... • http://bugs.gentoo.org/show_bug.cgi?id=142142 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3389
https://notcve.org/view.php?id=CVE-2006-3389
06 Jul 2006 — index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. index.php en WordPress 2.0.3 permite a los atacante remotos, obtener información sensible como los prefijos de una tabla SQL, a través del parámetro inválido paged, el cual muestra la i... • http://secunia.com/advisories/20928 •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3390 – WordPress Core < 2.0.4 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2006-3390
06 Jul 2006 — WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. WordPress v2.0.3 permite a atacantes remotos obtener la ruta de instalación a través de una petición directa a varios ficheros, tal como aquellos en el (1)wp-admin, (2) wp-content, and (3) directorios wp-includes, posiblemente debido a variables sin inicializar. • http://secunia.com/advisories/20928 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 2CVE-2006-2702 – WordPress Core < 2.0.3 - IP Address Spoofing
https://notcve.org/view.php?id=CVE-2006-2702
31 May 2006 — vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. • http://retrogod.altervista.org/wordpress_202_xpl.html • CWE-348: Use of Less Trusted Source •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 2CVE-2006-2667 – WordPress Core < 2.0.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-2667
30 May 2006 — Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. • https://www.exploit-db.com/exploits/6 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5105 – WordPress Core < 2.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5105
10 Mar 2006 — Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-register.php en WordPress 2.0 y 2.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro user_email. • https://www.exploit-db.com/exploits/30602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-1263 – WordPress Core < 2.0.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1263
10 Mar 2006 — Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://wordpress.org/development/2006/03/security-202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 1CVE-2006-0985 – WordPress Core <= 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0985
03 Mar 2006 — Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2006-0986 – WordPress Core < 2.0.2 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2006-0986
03 Mar 2006 — WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: ... • http://NeoSecurityTeam.net/advisories/Advisory-17.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •