Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

wordpress wordpress 2.0.5 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2

CVE-2006-4743

WordPress 2.0.2 up to and including 2.0.5 allows remote malicious users to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dot...
Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5
5
CVSSv2

CVE-2007-0109

wp-login.php in WordPress 2.0.5 and previous versions displays different error messages if a user exists or not, which allows remote malicious users to obtain sensitive information and facilitates brute force attacks.
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5
6.8
CVSSv2

CVE-2007-0106

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress prior to 2.0.6 allows remote malicious users to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not p...
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5
5
CVSSv2

CVE-2007-1409

WordPress allows remote malicious users to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.1Wordpress Wordpress 2.1.1
6.8
CVSSv2

CVE-2013-7233

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that move comments to the moderation l...
Wordpress WordpressWordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.0.8Wordpress Wordpress 2.0.9Wordpress Wordpress 2.0.10
4.3
CVSSv2

CVE-2007-1894

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress prior to 20070309 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.1Wordpress Wordpress 2.1.1Wordpress Wordpress 2.1.2Wordpress Wordpress 2.2 Revision5002
4.3
CVSSv2

CVE-2007-1622

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress prior to 2.0.10 RC2, and prior to 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interfa...
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.0.10Wordpress Wordpress 2.0.10 Rc1Wordpress Wordpress 2.1Wordpress Wordpress 2.1.1
7.5
CVSSv2

CVE-2007-0233

wp-trackback.php in WordPress 2.0.6 and previous versions does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to execute arbitrary SQL commands vi...
Wordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.5Wordpress Wordpress 1.5.1Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 1.5.2
4.3
CVSSv2

CVE-2007-1049

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 prior to 2.0.9 and 2.1 prior to 2.1.1 allows remote malicious users to inject arbitrary web script or HTML via the file parameter...
Wordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 1.2.2Wordpress Wordpress 1.5Wordpress Wordpress 1.5.1Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 1.5.2Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1
6.8
CVSSv2

CVE-2007-6318

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a...
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.0.10Wordpress Wordpress 2.0.10 Rc1Wordpress Wordpress 2.0.10 Rc2Wordpress Wordpress 2.1.1
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-46656unknownCVE-2025-46577CVE-2025-32979paicodingXPath injectionhackmdCVE-2025-3643opplusCSRFlocal usersCVE-2025-32433CVE-2025-32432
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook