Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  >> Wordpress  Security Vulnerabilities
CVE-2005-2109
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
CVSS Score
5.0
EPSS Score
0.011
Published
2005-07-05
CVE-2005-2110
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
CVSS Score
5.0
EPSS Score
0.012
Published
2005-07-05
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.
CVSS Score
7.5
EPSS Score
0.016
Published
2005-06-01
CVE-2005-1687
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2005-05-20
CVE-2005-1688
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVSS Score
5.3
EPSS Score
0.006
Published
2005-05-20
CVE-2005-1102
Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
CVSS Score
6.8
EPSS Score
0.014
Published
2005-05-02
CVE-2004-1559
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
CVSS Score
4.3
EPSS Score
0.013
Published
2004-12-31
CVE-2004-1584
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
CVSS Score
5.0
EPSS Score
0.16
Published
2004-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved