VuXML ID | Description |
0838733d-1698-11dc-a197-0011098b2f36 | wordpress -- XMLRPC SQL Injection
Secunia reports:
Slappter has discovered a vulnerability in WordPress, which can
be exploited by malicious users to conduct SQL injection
attacks.
Input passed to the "wp.suggestCategories" method in xmlrpc.php
is not properly sanitised before being used in SQL queries. This
can be exploited to manipulate SQL queries by injecting arbitrary
SQL code.
Successful exploitation allows e.g. retrieving usernames and
password hashes, but requires valid user credentials and knowledge
of the database table prefix.
Discovery 2007-06-06 Entry 2007-06-09 Modified 2007-06-24
wordpress
de-wordpress
zh-wordpress
< 2.2.1
24344
http://secunia.com/advisories/25552/
|
5e135178-8aeb-11e4-801f-0022156e8794 | wordpress -- multiple vulnerabilities
MITRE reports:
wp-login.php in WordPress before 3.7.5, 3.8.x before
3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow
remote attackers to reset passwords by leveraging access to
an e-mail account that received a password-reset message.
wp-includes/http.php in WordPress before 3.7.5, 3.8.x
before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1
allows remote attackers to conduct server-side request
forgery (SSRF) attacks by referring to a 127.0.0.0/8
resource.
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before
3.9.3, and 4.x before 4.0.1 might allow remote attackers to
obtain access to an account idle since 2008 by leveraging an
improper PHP dynamic type comparison for an MD5 hash.
Cross-site scripting (XSS) vulnerability in WordPress
before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and
4.x before 4.0.1 allows remote attackers to inject arbitrary
web script or HTML via a crafted Cascading Style Sheets
(CSS) token sequence in a post.
Cross-site scripting (XSS) vulnerability in Press This in
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before
3.9.3, and 4.x before 4.0.1 allows remote attackers to
inject arbitrary web script or HTML via unspecified
vectors.
wp-includes/class-phpass.php in WordPress before 3.7.5,
3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1
allows remote attackers to cause a denial of service (CPU
consumption) via a long password that is improperly handled
during hashing, a similar issue to CVE-2014-9016.
Cross-site request forgery (CSRF) vulnerability in
wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0
allows remote attackers to hijack the authentication of
arbitrary users for requests that reset passwords.
Discovery 2014-11-25 Entry 2015-01-05
wordpress
< 3.7.5,1
ge 3.8,1 lt 3.8.5,1
ge 3.9,1 lt 3.9.3,1
ge 4.0,1 lt 4.0.1,1
zh-wordpress
< 3.7.5
ge 3.8 lt 3.8.5
ge 3.9 lt 3.9.3
ge 4.0 lt 4.0.1
de-wordpress
< 3.7.5
ge 3.8 lt 3.8.5
ge 3.9 lt 3.9.3
ge 4.0 lt 4.0.1
ja-wordpress
< 3.7.5
ge 3.8 lt 3.8.5
ge 3.9 lt 3.9.3
ge 4.0 lt 4.0.1
ru-wordpress
< 3.7.5
ge 3.8 lt 3.8.5
ge 3.9 lt 3.9.3
ge 4.0 lt 4.0.1
CVE-2014-9033
CVE-2014-9034
CVE-2014-9035
CVE-2014-9036
CVE-2014-9037
CVE-2014-9038
CVE-2014-9039
|
622bc638-be27-11dd-a578-0030843d3802 | wordpress -- header rss feed script insertion vulnerability
Secunia reports:
Input passed via the HTTP "Host" header is not properly sanitised
before being used. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected site
if malicious data is viewed.
Discovery 2008-11-26 Entry 2008-11-29 Modified 2010-05-02
wordpress
de-wordpress
wordpress-mu
< 2.6.5
zh-wordpress
gt 0
CVE-2008-5278
http://secunia.com/advisories/32882/
http://wordpress.org/development/2008/11/wordpress-265/
|
63347ee7-6841-11dc-82b6-02e0185f8d72 | wordpress -- remote sql injection vulnerability
Alexander Concha reports:
While testing WordPress, a SQL Injection vulnerability has
been discovered that allows an attacker to remotely retrieve
any user credentials from a vulnerable site. This bug is
caused by early database escaping and the lack of
validation in query-string-like parameters.
Discovery 2007-09-10 Entry 2007-09-21
wordpress
< 2.2.3,1
de-wordpress
zh-wordpress
< 2.2.3
wordpress-mu
< 1.2.4,2
CVE-2007-4894
http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html
|
6a31cbe3-1695-11dc-a197-0011098b2f36 | wordpress -- unmoderated comments disclosure
Blogsecurity reports:
An attacker can read comments on posts that have not been
moderated. This can be a real security risk if blog admins
are using unmoderated comments (comments that have not been
made public) to hide sensitive notes regarding posts, future
work, passwords etc. So please be careful if you are one of
these blog admins.
Discovery 2007-06-01 Entry 2007-06-09 Modified 2007-08-16
wordpress
de-wordpress
zh-wordpress
< 2.2.2
http://blogsecurity.net/news/news-310507/
|
884fced7-7f1c-11dd-a66a-0019666436c2 | wordpress -- remote privilege escalation
The WordPress development team reports:
With open registration enabled, it is possible in WordPress
versions 2.6.1 and earlier to craft a username such that it
will allow resetting another user's password to a randomly
generated password. The randomly generated password is not
disclosed to the attacker, so this problem by itself is annoying
but not a security exploit. However, this attack coupled with a
weakness in the random number seeding in mt_rand() could be used
to predict the randomly generated password.
Discovery 2008-09-08 Entry 2008-10-22 Modified 2010-05-12
wordpress
de-wordpress
wordpress-mu
< 2.6.2
zh-wordpress
gt 0
31068
CVE-2008-4107
http://wordpress.org/development/2008/09/wordpress-262/
|
a467d0f9-8875-11dc-b3ba-0016179b2dd5 | wordpress -- cross-site scripting
A Secunia advisory reports:
Input passed to the "posts_columns" parameter in
wp-admin/edit-post-rows.php is not properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in
context of an affected site.
Discovery 2007-10-29 Entry 2007-11-01
wordpress
de-wordpress
< 2.3.1
zh-wordpress
gt 0
CVE-2007-5710
http://secunia.com/advisories/27407
http://wordpress.org/development/2007/10/wordpress-231/
|