Wordpress : Security Vulnerabilities, CVEs, Published In 2005 CVSS score >= 4
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
Max CVSS
7.5
EPSS Score
0.32%
Published
2005-05-20
Updated
2016-10-18
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.
Max CVSS
7.5
EPSS Score
1.83%
Published
2005-06-01
Updated
2016-10-18
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
Max CVSS
7.5
EPSS Score
0.26%
Published
2005-07-05
Updated
2016-10-18
CVE-2005-2612
Public exploit
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
Max CVSS
7.5
EPSS Score
83.18%
Published
2005-08-17
Updated
2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
Max CVSS
6.8
EPSS Score
0.48%
Published
2005-05-02
Updated
2016-10-18
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
Max CVSS
5.0
EPSS Score
0.36%
Published
2005-05-20
Updated
2023-12-28
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
Max CVSS
5.0
EPSS Score
0.67%
Published
2005-07-05
Updated
2016-10-18
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
Max CVSS
5.0
EPSS Score
1.04%
Published
2005-07-05
Updated
2018-10-19
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.
Max CVSS
5.0
EPSS Score
0.60%
Published
2005-12-21
Updated
2018-10-19
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.
Max CVSS
4.3
EPSS Score
0.35%
Published
2005-07-05
Updated
2016-10-18
10 vulnerabilities found