Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1
https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/
SQLI
Potential Authentication Cookie Forgery
https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be
2014-0166
AUTHBYPASS
Privilege escalation: contributors publishing posts
https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165
2014-0165
BYPASS
wp-admin/options-writing.php Cleartext Admin Credentials Disclosure
101101
http://seclists.org/fulldisclosure/2013/Dec/135
AUTHBYPASS
wp-admin/options-writing.php Cleartext Admin Credentials Disclosure
101101
http://seclists.org/fulldisclosure/2013/Dec/135
AUTHBYPASS
PHP Object Injection
http://vagosec.org/2013/09/wordpress-php-object-injection/
http://www.openwall.com/lists/oss-security/2013/09/12/1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340
http://core.trac.wordpress.org/changeset/25325
54803
2013-4338
97211
UNKNOWN
3.6.1
wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness
97210
2013-5739
http://core.trac.wordpress.org/changeset/25322
XSS
3.6.1
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing
97213
2013-4340
54803
http://core.trac.wordpress.org/changeset/25321
UNKNOWN
3.6.1
wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness
97214
2013-5738
http://core.trac.wordpress.org/changeset/25322
XSS
3.6.1
Multiple Function Path Disclosure
100487
http://seclists.org/fulldisclosure/2013/Nov/220
UNKNOWN
Multiple Script Arbitrary Site Redirect
101181
http://seclists.org/fulldisclosure/2013/Dec/174
REDIRECT
3.6.1
wp-admin/edit-tags.php _wp_http_referer Parameter Reflected XSS
101182
http://seclists.org/fulldisclosure/2013/Dec/174
XSS
3.6.1
Media Library Multiple Function Path Disclosure
100484
http://websecurity.com.ua/6795/
FPD
SWFUpload Content Spoofing
http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
https://github.com/wpscanteam/wpscan/issues/243
UNKNOWN
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
95060
http://seclists.org/fulldisclosure/2013/Jul/70
FPD
3.5.2
WordPress 3.4-3.5.1 DoS in class-phpass.php
http://seclists.org/fulldisclosure/2013/Jun/65
53676
94235
2013-2173
UNKNOWN
WordPress Multiple XSS
94791
94785
94786
94790
XSS
3.5.2
WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
94787
UNKNOWN
3.5.2
WordPress File Upload Unspecified Path Disclosure
94788
UNKNOWN
3.5.2
WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure
94789
XXE
3.5.2
WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation
94783
UNKNOWN
3.5.2
WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)
94784
SSRF
3.5.2
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
95060
http://seclists.org/fulldisclosure/2013/Jul/70
FPD
3.5.2
WordPress 3.4 - 3.5.1 DoS in class-phpass.php
http://seclists.org/fulldisclosure/2013/Jun/65
53676
94235
2013-2173
UNKNOWN
WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
95060
http://seclists.org/fulldisclosure/2013/Jul/70
FPD
3.5.2
WordPress 3.4 - 3.5.1 DoS in class-phpass.php
http://seclists.org/fulldisclosure/2013/Jun/65
53676
94235
2013-2173
UNKNOWN
WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
XSS
WordPress 3.4.2 Cross Site Request Forgery
http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html
CSRF
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
95060
http://seclists.org/fulldisclosure/2013/Jul/70
FPD
3.5.2
WordPress 3.4 - 3.5.1 DoS in class-phpass.php
http://seclists.org/fulldisclosure/2013/Jun/65
53676
94235
2013-2173
UNKNOWN
WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
95060
http://seclists.org/fulldisclosure/2013/Jul/70
FPD
3.5.2
WordPress 3.4 - 3.5.1 DoS in class-phpass.php
http://seclists.org/fulldisclosure/2013/Jun/65
53676
94235
2013-2173
UNKNOWN
WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
XSS
WordPress 3.3.1 Multiple CSRF Vulnerabilities
18791
CSRF
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
XSS
WordPress 3.3.1 Multiple CSRF Vulnerabilities
18791
CSRF
WordPress 3.3.2 Cross Site Scripting
http://packetstormsecurity.org/files/113254
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
Multiple vulnerabilities including XSS and Privilege Escalation
http://wordpress.org/news/2012/04/wordpress-3-3-2/
MULTI
WordPress 3.3.1 - Multiple CSRF Vulnerabilities
18791
CSRF
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
Reflected Cross-Site Scripting in WordPress 3.3
http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
XSS
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
wp-admin/link-manager.php Multiple Parameter SQL Injection
73723
17465
45099
SQLI
3.1.4
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress <= 3.1.2 Clickjacking Vulnerability
http://seclists.org/fulldisclosure/2011/Sep/219
http://www.securityfocus.com/bid/49730
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS
72142
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-admin/press-this.php - Privilege Escalation
2011-5270
UNKNOWN
3.0.6
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-admin/press-this.php - Privilege Escalation
2011-5270
UNKNOWN
3.0.6
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
SQL injection vulnerability in do_trackbacks() WordPress function
15684
SQLI
WordPress 3.0.3 stored XSS IE7,6 NS8.1
15858
XSS
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-admin/press-this.php - Privilege Escalation
2011-5270
UNKNOWN
3.0.6
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress XML-RPC Interface Access Restriction Bypass
69761
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-admin/press-this.php - Privilege Escalation
2011-5270
UNKNOWN
3.0.6
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
WordPress: Information Disclosure via SQL Injection Attack
http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/
SQLI
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-admin/press-this.php - Privilege Escalation
2011-5270
UNKNOWN
3.0.6
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
104693
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-admin/press-this.php - Privilege Escalation
2011-5270
UNKNOWN
3.0.6
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
2012-6633
XSS
3.3.3
wp-admin/media-upload.php sensitive information disclosure or bypass
2012-6634
MULTI
3.3.3
wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
2012-6635
UNKNOWN
3.3.3
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
104691
2010-5297
AUTHBYPASS
3.0.1
Crafted String URL Redirect Restriction Bypass
97212
2013-4339
54803
28958
http://packetstormsecurity.com/files/123589/
http://core.trac.wordpress.org/changeset/25323
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
REDIRECT
3.6.1
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
104693
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.9 Failure to Restrict URL Access
11441
UNKNOWN
WordPress DoS <= 2.9
11441
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
10089
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability
9410
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.8.1 (url) Remote Cross Site Scripting Exploit
9250
XSS
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
6421
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.5 Cookie Integrity Protection Vulnerability
http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded
2008-1930
UNKNOWN
XSS vulnerability in swfupload in WordPress
http://seclists.org/fulldisclosure/2012/Nov/51
XSS
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress <= 2.3.1 Charset Remote SQL Injection Vulnerability
4721
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit
4113
UNKNOWN
WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit
4039
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
3960
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php allows bypass of intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, WordPress permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress "year" Cross-Site Scripting Vulnerability
24485
http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded
XSS
WordPress 2.1.2 (xmlrpc) Remote SQL Injection Exploit
3656
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress Command Execution and PHP Injection
2007-1277
24374
http://www.securityfocus.com/bid/22797
http://xforce.iss.net/xforce/xfdb/32807
RCE
2.1.2
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit
3109
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
3095
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/18779
SQLI
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/18779
SQLI
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit
6
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/18779
SQLI
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress wp-register.php Multiple Parameter XSS
38577
XSS
2.0.2
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress wp-register.php Multiple Parameter XSS
38577
XSS
2.0.2
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584/
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
wp-includes/comment.php bypass intended spam restrictions via a crafted URL
2010-5293
UNKNOWN
3.0.2
Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php
2010-5294
XSS
3.0.2
Cross-site scripting (XSS) in wp-admin/plugins.php
2010-5295
XSS
3.0.2
wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
2010-5296
AUTHBYPASS
3.0.2
When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
2010-5297
AUTHBYPASS
3.0
WordPress wp-register.php Multiple Parameter XSS
38577
XSS
2.0.2
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress wp-register.php Multiple Parameter XSS
38577
XSS
2.0.2
WordPress <= 1.5.1.3 Remote Code Execution eXploit (metasploit)
1145
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress wp-register.php Multiple Parameter XSS
38577
XSS
2.0.2
WordPress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
17636
17637
17638
17639
17640
17641
2005-2108
1077
15831
15898
SQLI
1.5.1.3
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress wp-register.php Multiple Parameter XSS
38577
XSS
2.0.2
WordPress <= 1.5.1.1 "add new admin" SQL Injection Exploit
1059
SQLI
WordPress <= 1.5.1.1 SQL Injection Exploit
1033
SQLI
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress wp-register.php Multiple Parameter XSS
38577
XSS
2.0.2
XMLRPC Pingback API Internal/External Port Scanning
https://github.com/FireFart/WordpressPingbackPortScanner
UNKNOWN
WordPress XMLRPC pingback additional issues
http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
UNKNOWN
WordPress wp-trackback.php tb_id Parameter SQL Injection
2005-1687
16701
16702
16703
SQLI
1.5.1
WordPress post.php p Parameter XSS
16702
16701
16703
XSS
1.5.1
WordPress Multiple Script Direct Request Path Disclosure
2005-1688
16703
16701
16702
UNKNOWN
1.5.1
WordPress Cross-Site Scripting and SQL Injection Vulnerabilities
16478
15324
MULTI
1.5.1
WordPress template-functions-post.php Multiple Field XSS
2005-1102
15643
XSS