CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1012 – WordPress Core <= 1.5.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-1012
31 Dec 2005 — SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. Vulnerabilidad de inyección de SQL en WordPress 1.5.2, y posiblemente otras versiones anteriores a 2.0, permite a atacantes remotos ejecutar órdenes SQL de su elección mediante el campo "User-Agent" en la cabecera HTTP de un comentario. • http://secunia.com/advisories/19109 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 1%CPEs: 9EXPL: 1CVE-2005-4463 – WordPress Core < 1.5.2 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2005-4463
21 Dec 2005 — WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, a... • http://NeoSecurityTeam.net/advisories/Advisory-17.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 30%CPEs: 8EXPL: 3CVE-2005-2612 – WordPress Core < 1.5.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-2612
09 Aug 2005 — Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. • https://packetstorm.news/files/id/131000 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 2CVE-2005-2108 – WordPress Core < 1.5.1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-2108
29 Jun 2005 — SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. • https://www.exploit-db.com/exploits/1077 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2005-2109 – WordPress Core < 1.5.1.3 - Arbitrary Email Content Change
https://notcve.org/view.php?id=CVE-2005-2109
29 Jun 2005 — wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 1CVE-2005-2107 – WordPress Core <= 1.5.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2107
29 Jun 2005 — Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2005-2110 – WordPress Core < 1.5.1.3 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2005-2110
29 Jun 2005 — WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1810 – WordPress Core < 1.5.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-1810
27 May 2005 — SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. • http://bugs.gentoo.org/show_bug.cgi?id=94512 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1688 – WordPress Core < 1.5.1 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2005-1688
09 May 2005 — Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. • http://marc.info/?l=bugtraq&m=111661517716733&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1687 – WordPress Core < 1.5.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-1687
09 May 2005 — SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. • http://bugs.gentoo.org/show_bug.cgi?id=88926 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •