Wordpress : Security Vulnerabilities, CVEs, Published In November 2006
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
Max CVSS
4.0
EPSS Score
0.17%
Published
2006-11-21
Updated
2008-09-05
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
Max CVSS
4.0
EPSS Score
0.14%
Published
2006-11-21
Updated
2008-09-05
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.
Max CVSS
6.0
EPSS Score
0.34%
Published
2006-11-04
Updated
2011-03-08
3 vulnerabilities found