CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wordpress » Wordpress » 2.0.7 : Security Vulnerabilities

Cpe Name:cpe:/a:wordpress:wordpress:2.0.7
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2853 264 +Priv 2009-08-18 2017-11-16
10.0
None Remote Low Not required Complete Complete Complete
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.
2 CVE-2012-2399 XSS 2012-04-21 2017-12-18
10.0
None Remote Low Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
3 CVE-2012-2400 2012-04-21 2017-12-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.
4 CVE-2008-4769 22 Dir. Trav. 2008-10-28 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
5 CVE-2008-5695 20 Exec Code 2008-12-19 2017-09-28
8.5
Admin Remote Medium Single system Complete Complete Complete
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
6 CVE-2007-4894 89 Exec Code Sql 2007-09-14 2017-07-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
7 CVE-2008-2146 264 Bypass 2008-05-12 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
8 CVE-2008-3747 264 2008-08-27 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
9 CVE-2011-4899 1 Exec Code Sql XSS 2012-01-30 2012-01-31
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments.
10 CVE-2018-20148 502 2018-12-14 2019-01-04
7.5
None Remote Low Not required Partial Partial Partial
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.
11 CVE-2007-6013 287 Bypass 2007-11-19 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
12 CVE-2007-6318 89 Exec Code Sql 2007-12-11 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
13 CVE-2012-1936 352 1 CSRF 2012-05-03 2017-12-13
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing the network, as demonstrated by attacks against the wp-admin/admin-ajax.php and wp-admin/user-new.php scripts. NOTE: the vendor reportedly disputes the significance of this issue because wp_create_nonce operates as intended, even if it is arguably inconsistent with certain CSRF protection details advocated by external organizations.
14 CVE-2012-3384 352 CSRF 2012-07-22 2012-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
15 CVE-2013-7233 352 CSRF 2013-12-29 2013-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.
16 CVE-2019-9787 352 Exec Code XSS CSRF 2019-03-14 2019-03-31
6.8
None Remote Medium Not required Partial Partial Partial
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
17 CVE-2010-5106 264 Bypass 2012-09-14 2012-09-17
6.5
None Remote Low Single system Partial Partial Partial
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
18 CVE-2017-1000600 20 Exec Code 2018-09-06 2018-10-26
6.5
None Remote Low Single system Partial Partial Partial
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9
19 CVE-2018-12895 22 Exec Code Dir. Trav. 2018-06-26 2018-08-20
6.5
None Remote Low Single system Partial Partial Partial
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.
20 CVE-2019-8942 94 Exec Code 2019-02-19 2019-04-25
6.5
None Remote Low Single system Partial Partial Partial
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
21 CVE-2008-0664 264 2008-02-07 2008-09-10
6.4
None Remote Low Not required Partial Partial None
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
22 CVE-2013-0235 2013-07-08 2013-07-08
6.4
None Remote Low Not required Partial Partial None
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
23 CVE-2014-0166 287 2014-04-09 2017-12-15
6.4
None Remote Low Not required Partial Partial None
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.
24 CVE-2010-5293 264 Bypass 2014-01-20 2014-01-21
5.8
None Remote Medium Not required Partial Partial None
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
25 CVE-2018-10100 601 2018-04-16 2018-05-18
5.8
None Remote Medium Not required Partial Partial None
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
26 CVE-2018-10101 601 2018-04-16 2018-06-02
5.8
None Remote Medium Not required Partial Partial None
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
27 CVE-2019-16220 601 2019-09-11 2019-09-12
5.8
None Remote Medium Not required Partial Partial None
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
28 CVE-2012-2402 264 Bypass 2012-04-21 2017-12-18
5.5
None Remote Low Single system None Partial Partial
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
29 CVE-2018-20147 287 Bypass 2018-12-14 2019-10-02
5.5
None Remote Low Single system None Partial Partial
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
30 CVE-2008-4106 20 2008-09-18 2018-10-11
5.1
User Remote High Not required Partial Partial Partial
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
31 CVE-2007-1409 +Info 2007-03-10 2018-10-16
5.0
None Remote Low Not required Partial None None
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
32 CVE-2009-2432 264 +Info 2009-07-10 2018-10-10
5.0
None Remote Low Not required Partial None None
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
33 CVE-2011-4898 200 1 +Info 2012-01-30 2012-01-31
5.0
None Remote Low Not required None None Partial
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective.
34 CVE-2011-4957 20 DoS 2012-06-27 2012-06-28
5.0
None Remote Low Not required None None Partial
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
35 CVE-2012-0937 1 DoS 2012-01-30 2012-01-31
5.0
None Remote Low Not required None None Partial
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.
36 CVE-2012-2401 264 Bypass 2012-04-21 2017-12-18
5.0
None Remote Low Not required None Partial None
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
37 CVE-2012-3385 264 +Info 2012-07-22 2012-07-23
5.0
None Remote Low Not required Partial None None
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
38 CVE-2014-6412 640 2018-04-12 2018-05-17
5.0
None Remote Low Not required Partial None None
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
39 CVE-2018-20151 200 +Info 2018-12-14 2019-01-04
5.0
None Remote Low Not required Partial None None
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
40 CVE-2018-20152 20 Bypass 2018-12-14 2019-01-04
5.0
None Remote Low Not required None Partial None
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
41 CVE-2009-2334 287 1 DoS XSS +Info 2009-07-10 2018-10-10
4.9
None Remote Medium Single system Partial Partial None
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
42 CVE-2010-5296 264 Bypass 2014-01-20 2014-01-21
4.9
None Remote Medium Single system Partial Partial None
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
43 CVE-2007-1049 XSS 2007-02-21 2008-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
44 CVE-2007-1622 XSS 2007-03-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
45 CVE-2007-1894 XSS 2007-04-09 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
46 CVE-2007-4893 352 XSS 2007-09-14 2017-07-28
4.3
None Remote Medium Not required None Partial None
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
47 CVE-2008-3233 79 XSS 2008-07-18 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
48 CVE-2008-5278 79 XSS 2008-11-28 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
49 CVE-2010-5294 79 XSS 2014-01-20 2014-01-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.
50 CVE-2010-5295 79 XSS 2014-01-20 2014-01-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.
Total number of vulnerabilities : 78   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.