
CVE-2006-0733 – WordPress Core 2.0 - Comment Post HTML Injection
https://notcve.org/view.php?id=CVE-2006-0733
16 Feb 2006 — Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability. • https://www.exploit-db.com/exploits/27227 •

CVE-2006-1796 – WordPress Core < 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1796
31 Jan 2006 — Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in WordPress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2006-1012 – WordPress Core <= 1.5.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-1012
31 Dec 2005 — SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. • http://secunia.com/advisories/19109 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2005-4463 – WordPress Core < 1.5.2 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2005-4463
21 Dec 2005 — WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, a... • http://NeoSecurityTeam.net/advisories/Advisory-17.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2005-2612 – WordPress Core < 1.5.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-2612
09 Aug 2005 — Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. • https://packetstorm.news/files/id/131000 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2005-2108 – WordPress Core < 1.5.1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-2108
29 Jun 2005 — SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. • https://www.exploit-db.com/exploits/1077 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2005-2109 – WordPress Core < 1.5.1.3 - Arbitrary Email Content Change
https://notcve.org/view.php?id=CVE-2005-2109
29 Jun 2005 — wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2005-2107 – WordPress Core <= 1.5.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2107
29 Jun 2005 — Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-2110 – WordPress Core < 1.5.1.3 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2005-2110
29 Jun 2005 — WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2005-1810 – WordPress Core < 1.5.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-1810
27 May 2005 — SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. • http://bugs.gentoo.org/show_bug.cgi?id=94512 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •