Wordpress : Security Vulnerabilities, CVEs, Published In May 2006
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
Max CVSS
5.0
EPSS Score
2.46%
Published
2006-05-31
Updated
2018-10-18
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
Max CVSS
7.5
EPSS Score
12.80%
Published
2006-05-30
Updated
2018-10-18
2 vulnerabilities found