CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3390 – WordPress Core < 2.0.4 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. WordPress v2.0.3 permite a atacantes remotos obtener la ruta de instalación a través de una petición directa a varios ficheros, tal como aquellos en el (1)wp-admin, (2) wp-content, and (3) directorios wp-includes, posiblemente debido a variables sin inicializar. • http://secunia.com/advisories/20928 http://secunia.com/advisories/21447 http://security.gentoo.org/glsa/glsa-200608-19.xml http://securityreason.com/securityalert/1187 http://www.securityfocus.com/archive/1/438942/100/0/threaded http://www.securityfocus.com/archive/1/439062/100/0/threaded http://www.securityfocus.com/bid/18779 http://www.vupen.com/english/advisories/2006/2661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 2CVE-2006-2702 – WordPress Core < 2.0.3 - IP Address Spoofing
https://notcve.org/view.php?id=CVE-2006-2702
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. • http://retrogod.altervista.org/wordpress_202_xpl.html http://secunia.com/advisories/20271 http://secunia.com/advisories/20608 http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml http://www.osvdb.org/25935 http://www.securityfocus.com/archive/1/435039/100/0/threaded http://www.vupen.com/english/advisories/2006/1992 https://exchange.xforce.ibmcloud.com/vulnerabilities/26688 • CWE-348: Use of Less Trusted Source •
CVSS: 8.8EPSS: 12%CPEs: 1EXPL: 2CVE-2006-2667 – WordPress Core < 2.0.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. • https://www.exploit-db.com/exploits/6 http://retrogod.altervista.org/wordpress_202_xpl.html http://secunia.com/advisories/20271 http://secunia.com/advisories/20608 http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml http://www.osvdb.org/25777 http://www.securityfocus.com/archive/1/435039/100/0/threaded http://www.securityfocus.com/bid/18372 http://www.vupen.com/english/advisories/2006/1992 https://exchange.xforce.ibmcloud.com/vulnerabilities/26687 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-1263 – WordPress Core < 2.0.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1263
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://wordpress.org/development/2006/03/security-202 http://www.securityfocus.com/bid/17069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5105 – WordPress Core < 2.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5105
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-register.php en WordPress 2.0 y 2.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro user_email. • https://www.exploit-db.com/exploits/30602 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp http://securityreason.com/securityalert/3175 http://www.securityfocus.com/archive/1/480327/100/0/threaded http://www.securityfocus.com/bid/25769 https://exchange.xforce.ibmcloud.com/vulnerabilities/36742 https://exchange.xforce.ibmcloud.com/vulnerabilities/36743 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •