CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 3CVE-2006-0733 – WordPress Core 2.0 - Comment Post HTML Injection
https://notcve.org/view.php?id=CVE-2006-0733
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability • https://www.exploit-db.com/exploits/27227 http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html http://www.securityfocus.com/archive/1/425043/100/0/threaded http://www.securityfocus.com/bid/16656 https://exchange.xforce.ibmcloud.com/vulnerabilities/24736 •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2006-1796 – WordPress Core < 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1796
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909 http://trac.wordpress.org/ticket/1686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 1CVE-2005-4463 – WordPress Core < 1.5.2 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2005-4463
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt http://echo.or.id/adv/adv24-theday-2005.txt http://securityreason.com/securityalert/286 http://www.securityfocus.com/archive/1/419994/100/0/threaded http://www.securityfocus.com/archive/1/419999/100/0/threaded http://www.securityfocus.com/archive/1/426304/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •