Wordpress : Security Vulnerabilities, CVEs, Published In April 2007
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
Max CVSS
6.5
EPSS Score
2.11%
Published
2007-04-09
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Max CVSS
4.3
EPSS Score
3.68%
Published
2007-04-09
Updated
2018-10-16
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
Max CVSS
4.9
EPSS Score
0.37%
Published
2007-04-09
Updated
2017-07-29
3 vulnerabilities found