WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
| Max Base Score | 4.0 |
| Published | 2008-11-17 |
| Updated | 2017-08-08 |
| EPSS | 0.17% |
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
| Max Base Score | 7.5 |
| Published | 2008-01-10 |
| Updated | 2018-10-15 |
| EPSS | 1.01% |
2 vulnerabilities found