
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 May 2005 — WordPress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. • http://marc.info/?l=bugtraq&m=111661517716733&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-425: Direct Request ('Forced Browsing')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 May 2005 — SQL injection vulnerability in wp-trackback.php in WordPress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. • http://bugs.gentoo.org/show_bug.cgi?id=88926 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

13 Apr 2005 — Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. • http://bugs.gentoo.org/show_bug.cgi?id=88926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 3% | CPEs: 1 | EXPL: 2

06 Oct 2004 — CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. • https://www.exploit-db.com/exploits/570 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 8

06 Oct 2004 — Multiple cross-site scripting (XSS) vulnerabilities in WordPress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. • https://www.exploit-db.com/exploits/24642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Oct 2003 — SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. • http://osvdb.org/show/osvdb/4610 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

09 Jun 2003 — PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. • http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')