Wordpress: >> Wordpress >> 1.2.2 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
CVSS Score
6.8
EPSS Score
0.005
Published
2006-04-17
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2006-03-19
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVSS Score
5.3
EPSS Score
0.006
Published
2005-05-20
Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
CVSS Score
6.8
EPSS Score
0.014
Published
2005-05-02
Page 34