CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2006-4028 – WordPress Core < 2.0.4 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4028
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests). Múltiples vulnerabilidades no especificadas en WordPress anteriores a 2.0.4 tienen impacto y vectores de ataque desconocidos. NOTA: debido a la falta de detalles, no está claro por qué estos problemas son diferentes de CVE-2006-3389 y CVE-2006-3390, aunque es probable que la versión 2.04 solucione un problema no especificado relacionado con la funcionalidad "cualquiera puede registrarse" (registro de usuario para invitados). • http://bugs.gentoo.org/show_bug.cgi?id=142142 http://secunia.com/advisories/21309 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress http://wordpress.org/development/2006/07/wordpress-204 http://www.osvdb.org/27633 http://www.securityfocus.com/bid/19247 http://www.vupen. • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 12%CPEs: 1EXPL: 2CVE-2006-2667 – WordPress Core < 2.0.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. • https://www.exploit-db.com/exploits/6 http://retrogod.altervista.org/wordpress_202_xpl.html http://secunia.com/advisories/20271 http://secunia.com/advisories/20608 http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml http://www.osvdb.org/25777 http://www.securityfocus.com/archive/1/435039/100/0/threaded http://www.securityfocus.com/bid/18372 http://www.vupen.com/english/advisories/2006/1992 https://exchange.xforce.ibmcloud.com/vulnerabilities/26687 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-1263 – WordPress Core < 2.0.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1263
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://wordpress.org/development/2006/03/security-202 http://www.securityfocus.com/bid/17069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5105 – WordPress Core < 2.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5105
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-register.php en WordPress 2.0 y 2.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro user_email. • https://www.exploit-db.com/exploits/30602 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp http://securityreason.com/securityalert/3175 http://www.securityfocus.com/archive/1/480327/100/0/threaded http://www.securityfocus.com/bid/25769 https://exchange.xforce.ibmcloud.com/vulnerabilities/36742 https://exchange.xforce.ibmcloud.com/vulnerabilities/36743 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 1CVE-2006-0985 – WordPress Core <= 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0985
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt http://secunia.com/advisories/19050 http://www.securityfocus.com/archive/1/426304/100/0/threaded http://www.securityfocus.com/archive/1/426504/100/0/threaded http://www.securityfocus.com/archive/1/426574/100/0/threaded http://www.vupen.com/english/advisories/2006/0777 https://exchange.xforce.ibmcloud.com/vulnerabilities/24957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •