Wordpress : Security Vulnerabilities, CVEs, Published In April 2008
SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-04-30
Updated
2017-08-08
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-04-27
Updated
2017-09-29
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
Max CVSS
7.5
EPSS Score
1.24%
Published
2008-04-28
Updated
2018-10-11
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-04-02
Updated
2017-09-29
4 vulnerabilities found