National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:wordpress:wordpress:2.1:beta1
There are 183 matching records.
Displaying matches 181 through 183.
Vuln ID Summary CVSS Severity

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.

Published: March 10, 2007; 05:19:00 PM -05:00
V2: 5.0 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

Published: March 03, 2007; 02:19:00 PM -05:00
V2: 6.8 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

Published: March 02, 2007; 05:19:00 PM -05:00
V2: 5.8 MEDIUM