CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 1CVE-2005-2107 – WordPress Core <= 1.5.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2107
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 http://secunia.com/advisories/15831 http://www.gulftech.org/?node=research&article_id=00085-06282005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 2CVE-2005-2108 – WordPress Core < 1.5.1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. • https://www.exploit-db.com/exploits/1077 http://marc.info/?l=bugtraq&m=112006967221438&w=2 http://secunia.com/advisories/15831 http://www.gulftech.org/?node=research&article_id=00085-06282005 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2005-2109 – WordPress Core < 1.5.1.3 - Arbitrary Email Content Change
https://notcve.org/view.php?id=CVE-2005-2109
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 http://secunia.com/advisories/15831 http://www.gulftech.org/?node=research&article_id=00085-06282005 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1688 – WordPress Core < 1.5.1 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2005-1688
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. • http://marc.info/?l=bugtraq&m=111661517716733&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1102 – WordPress Core <= 1.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1102
Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. • http://bugs.gentoo.org/show_bug.cgi?id=88926 http://marc.info/?l=bugtraq&m=111336102101571&w=2 http://security.gentoo.org/glsa/glsa-200506-04.xml http://wordpress.org/support/topic.php?id=30721 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •