Wordpress : Security Vulnerabilities, CVEs, Published In May 2008

CVE-2008-2510

SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2008-05-29
Updated
2018-10-11

CVE-2008-2392

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
Max CVSS
9.0
EPSS Score
0.19%
Published
2008-05-21
Updated
2018-10-31

CVE-2008-2146

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
Max CVSS
7.5
EPSS Score
0.90%
Published
2008-05-12
Updated
2017-08-08

CVE-2008-2068

Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-05-02
Updated
2017-08-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close