Page 54 of 277 results (0.017 seconds)

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 http://secunia.com/advisories/15831 http://www.gulftech.org/?node=research&article_id=00085-06282005 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 2

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. • https://www.exploit-db.com/exploits/1077 http://marc.info/?l=bugtraq&m=112006967221438&w=2 http://secunia.com/advisories/15831 http://www.gulftech.org/?node=research&article_id=00085-06282005 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0

WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt http://marc.info/?l=bugtraq&m=112006967221438&w=2 http://secunia.com/advisories/15831 http://www.gulftech.org/?node=research&article_id=00085-06282005 http://www.securityfocus.com/archive/1/426304/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. • http://marc.info/?l=bugtraq&m=112006967221438&w=2 http://secunia.com/advisories/15831 http://www.gulftech.org/?node=research&article_id=00085-06282005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. • http://bugs.gentoo.org/show_bug.cgi?id=94512 http://marc.info/?l=bugtraq&m=111817436619067&w=2 http://secunia.com/advisories/15517 http://security.gentoo.org/glsa/glsa-200506-04.xml http://wordpress.org/development/2005/05/security-update http://www.osvdb.org/16905 http://www.securityfocus.com/bid/13809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •