Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

wordpress wordpress 2.2 revision5002 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and previous versions, and possibly 2.1.x up to and including 2.3.x, allows remote malicious users to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-a...
Wordpress WordpressWordpress Wordpress 2.1Wordpress Wordpress 2.1.1Wordpress Wordpress 2.1.2Wordpress Wordpress 2.1.3Wordpress Wordpress 2.1.3 Rc1Wordpress Wordpress 2.1.3 Rc2Wordpress Wordpress 2.2Wordpress Wordpress 2.2.0Wordpress Wordpress 2.2.1Wordpress Wordpress 2.2.2Wordpress Wordpress 2.2.3
4.3
CVSSv2

CVE-2007-1894

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress prior to 20070309 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.1Wordpress Wordpress 2.1.1Wordpress Wordpress 2.1.2Wordpress Wordpress 2.2 Revision5002
6.8
CVSSv2

CVE-2007-6318

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a...
Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.0.10Wordpress Wordpress 2.0.10 Rc1Wordpress Wordpress 2.0.10 Rc2Wordpress Wordpress 2.1.1
4.3
CVSSv2

CVE-2007-4893

wp-admin/admin-functions.php in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2...
Wordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.5Wordpress Wordpress 1.5.1Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 2.0
7.5
CVSSv2

CVE-2007-4894

Multiple SQL injection vulnerabilities in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a allow remote malicious users to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and ...
Wordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.5Wordpress Wordpress 1.5.1Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 2.0
6.4
CVSSv2

CVE-2008-0664

The XML-RPC implementation (xmlrpc.php) in WordPress prior to 2.3.3, when registration is enabled, allows remote malicious users to edit posts of other blog users via unknown vectors.
Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.3.1Wordpress Wordpress 1.5Wordpress Wordpress 1.5.1Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 1.5.2Wordpress Wordpress 2.0
7.5
CVSSv2

CVE-2008-2146

wp-includes/vars.php in Wordpress prior to 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote malicious users to bypass intended access restrictions for certain pages.
Wordpress WordpressWordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 0.711Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2
4.3
CVSSv2

CVE-2008-3233

Cross-site scripting (XSS) vulnerability in WordPress prior to 2.6, SVN development versions only, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress WordpressWordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 0.711Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2
9.3
CVSSv2

CVE-2008-4769

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and previous versions, and 2.5, allows remote malicious users to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of ...
Wordpress WordpressWordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 0.71-goldWordpress Wordpress 0.72Wordpress Wordpress 0.711Wordpress Wordpress 1.0Wordpress Wordpress 1.0-platinumWordpress Wordpress 1.0.1Wordpress Wordpress 1.0.1-miles
4.3
CVSSv2

CVE-2008-5278

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress prior to 2.6.5 allows remote malicious users to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Wordpress WordpressWordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress 0.7Wordpress Wordpress 0.71Wordpress Wordpress 0.71-goldWordpress Wordpress 0.72Wordpress Wordpress 0.711Wordpress Wordpress 1.0Wordpress Wordpress 1.0-platinumWordpress Wordpress 1.0.1Wordpress Wordpress 1.0.1-miles
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-46485cross-site scriptingCVE-2025-34028sherpaCVE-2025-46506cross-site request forgerycovid-19 (coronavirus) update your customerscameraCVE-2025-46489availability calendarbas mattheeCVE-2025-46502CVE-2025-32433
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook