597 lines
239 KiB
JSON
597 lines
239 KiB
JSON
|
|
|
|
|
|
|
|
|
|
<!DOCTYPE html>
|
|
<html class=" ">
|
|
<head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# object: http://ogp.me/ns/object# article: http://ogp.me/ns/article# profile: http://ogp.me/ns/profile#">
|
|
<meta charset='utf-8'>
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
|
|
|
|
<title>wpscan/wp_vulns.json at master · wpvulndb/wpscan · GitHub</title>
|
|
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub">
|
|
<link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub">
|
|
<link rel="apple-touch-icon" sizes="57x57" href="/apple-touch-icon-114.png">
|
|
<link rel="apple-touch-icon" sizes="114x114" href="/apple-touch-icon-114.png">
|
|
<link rel="apple-touch-icon" sizes="72x72" href="/apple-touch-icon-144.png">
|
|
<link rel="apple-touch-icon" sizes="144x144" href="/apple-touch-icon-144.png">
|
|
<meta property="fb:app_id" content="1401488693436528">
|
|
|
|
<meta content="@github" name="twitter:site" /><meta content="summary" name="twitter:card" /><meta content="wpvulndb/wpscan" name="twitter:title" /><meta content="wpscan - WPScan is a black box WordPress vulnerability scanner." name="twitter:description" /><meta content="https://avatars3.githubusercontent.com/u/7658332?v=1&s=400" name="twitter:image:src" />
|
|
<meta content="GitHub" property="og:site_name" /><meta content="object" property="og:type" /><meta content="https://avatars3.githubusercontent.com/u/7658332?v=1&s=400" property="og:image" /><meta content="wpvulndb/wpscan" property="og:title" /><meta content="https://github.com/wpvulndb/wpscan" property="og:url" /><meta content="wpscan - WPScan is a black box WordPress vulnerability scanner." property="og:description" />
|
|
|
|
<link rel="assets" href="https://assets-cdn.github.com/">
|
|
<link rel="conduit-xhr" href="https://ghconduit.com:25035">
|
|
|
|
|
|
<meta name="msapplication-TileImage" content="/windows-tile.png">
|
|
<meta name="msapplication-TileColor" content="#ffffff">
|
|
<meta name="selected-link" value="repo_source" data-pjax-transient>
|
|
<meta name="google-analytics" content="UA-3769691-2">
|
|
|
|
<meta content="collector.githubapp.com" name="octolytics-host" /><meta content="collector-cdn.github.com" name="octolytics-script-host" /><meta content="github" name="octolytics-app-id" /><meta content="57641416:6942:1FC1292:53DA0FD3" name="octolytics-dimension-request_id" />
|
|
|
|
|
|
|
|
|
|
<link rel="icon" type="image/x-icon" href="https://assets-cdn.github.com/favicon.ico">
|
|
|
|
|
|
<meta content="authenticity_token" name="csrf-param" />
|
|
<meta content="dkmeCZjvidrMpbD49NK4XuQExXg0bjNsqO75vb0e2OPrgL1EjxZwDCtarhZe0x4JDVrJKURjsdTiSGp9kJ458Q==" name="csrf-token" />
|
|
|
|
<link href="https://assets-cdn.github.com/assets/github-dd4a229825aae7299906cd058e89e2c52cf3a009.css" media="all" rel="stylesheet" type="text/css" />
|
|
<link href="https://assets-cdn.github.com/assets/github2-f3bad37be00e388dc02cd262b28d126a0c904933.css" media="all" rel="stylesheet" type="text/css" />
|
|
|
|
|
|
|
|
<meta http-equiv="x-pjax-version" content="45f3379ec045b558e37e74937d0c6ddc">
|
|
|
|
|
|
<meta name="description" content="wpscan - WPScan is a black box WordPress vulnerability scanner.">
|
|
|
|
|
|
<meta content="7658332" name="octolytics-dimension-user_id" /><meta content="wpvulndb" name="octolytics-dimension-user_login" /><meta content="21381172" name="octolytics-dimension-repository_id" /><meta content="wpvulndb/wpscan" name="octolytics-dimension-repository_nwo" /><meta content="true" name="octolytics-dimension-repository_public" /><meta content="true" name="octolytics-dimension-repository_is_fork" /><meta content="4994614" name="octolytics-dimension-repository_parent_id" /><meta content="wpscanteam/wpscan" name="octolytics-dimension-repository_parent_nwo" /><meta content="4994614" name="octolytics-dimension-repository_network_root_id" /><meta content="wpscanteam/wpscan" name="octolytics-dimension-repository_network_root_nwo" />
|
|
|
|
<link href="https://github.com/wpvulndb/wpscan/commits/master.atom" rel="alternate" title="Recent Commits to wpscan:master" type="application/atom+xml">
|
|
|
|
</head>
|
|
|
|
|
|
<body class="logged_out env-production vis-public fork page-blob">
|
|
<a href="#start-of-content" tabindex="1" class="accessibility-aid js-skip-to-content">Skip to content</a>
|
|
<div class="wrapper">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="header header-logged-out">
|
|
<div class="container clearfix">
|
|
|
|
<a class="header-logo-wordmark" href="https://github.com/">
|
|
<span class="mega-octicon octicon-logo-github"></span>
|
|
</a>
|
|
|
|
<div class="header-actions">
|
|
<a class="button primary" href="/join">Sign up</a>
|
|
<a class="button signin" href="/login?return_to=%2Fwpvulndb%2Fwpscan%2Fblob%2Fmaster%2Fdata%2Fwp_vulns.json">Sign in</a>
|
|
</div>
|
|
|
|
<div class="command-bar js-command-bar in-repository">
|
|
|
|
<ul class="top-nav">
|
|
<li class="explore"><a href="/explore">Explore</a></li>
|
|
<li class="features"><a href="/features">Features</a></li>
|
|
<li class="enterprise"><a href="https://enterprise.github.com/">Enterprise</a></li>
|
|
<li class="blog"><a href="/blog">Blog</a></li>
|
|
</ul>
|
|
<form accept-charset="UTF-8" action="/search" class="command-bar-form" id="top_search_form" method="get">
|
|
|
|
<div class="commandbar">
|
|
<span class="message"></span>
|
|
<input type="text" data-hotkey="s, /" name="q" id="js-command-bar-field" placeholder="Search or type a command" tabindex="1" autocapitalize="off"
|
|
|
|
|
|
data-repo="wpvulndb/wpscan"
|
|
>
|
|
<div class="display hidden"></div>
|
|
</div>
|
|
|
|
<input type="hidden" name="nwo" value="wpvulndb/wpscan">
|
|
|
|
<div class="select-menu js-menu-container js-select-menu search-context-select-menu">
|
|
<span class="minibutton select-menu-button js-menu-target" role="button" aria-haspopup="true">
|
|
<span class="js-select-button">This repository</span>
|
|
</span>
|
|
|
|
<div class="select-menu-modal-holder js-menu-content js-navigation-container" aria-hidden="true">
|
|
<div class="select-menu-modal">
|
|
|
|
<div class="select-menu-item js-navigation-item js-this-repository-navigation-item selected">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<input type="radio" class="js-search-this-repository" name="search_target" value="repository" checked="checked">
|
|
<div class="select-menu-item-text js-select-button-text">This repository</div>
|
|
</div> <!-- /.select-menu-item -->
|
|
|
|
<div class="select-menu-item js-navigation-item js-all-repositories-navigation-item">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<input type="radio" name="search_target" value="global">
|
|
<div class="select-menu-item-text js-select-button-text">All repositories</div>
|
|
</div> <!-- /.select-menu-item -->
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<span class="help tooltipped tooltipped-s" aria-label="Show command bar help">
|
|
<span class="octicon octicon-question"></span>
|
|
</span>
|
|
|
|
|
|
<input type="hidden" name="ref" value="cmdform">
|
|
|
|
</form>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div id="start-of-content" class="accessibility-aid"></div>
|
|
<div class="site" itemscope itemtype="http://schema.org/WebPage">
|
|
<div id="js-flash-container">
|
|
|
|
</div>
|
|
<div class="pagehead repohead instapaper_ignore readability-menu">
|
|
<div class="container">
|
|
|
|
<ul class="pagehead-actions">
|
|
|
|
|
|
<li>
|
|
<a href="/login?return_to=%2Fwpvulndb%2Fwpscan"
|
|
class="minibutton with-count star-button tooltipped tooltipped-n"
|
|
aria-label="You must be signed in to star a repository" rel="nofollow">
|
|
<span class="octicon octicon-star"></span>
|
|
Star
|
|
</a>
|
|
|
|
<a class="social-count js-social-count" href="/wpvulndb/wpscan/stargazers">
|
|
0
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li>
|
|
<a href="/login?return_to=%2Fwpvulndb%2Fwpscan"
|
|
class="minibutton with-count js-toggler-target fork-button tooltipped tooltipped-n"
|
|
aria-label="You must be signed in to fork a repository" rel="nofollow">
|
|
<span class="octicon octicon-repo-forked"></span>
|
|
Fork
|
|
</a>
|
|
<a href="/wpvulndb/wpscan/network" class="social-count">
|
|
122
|
|
</a>
|
|
</li>
|
|
</ul>
|
|
|
|
<h1 itemscope itemtype="http://data-vocabulary.org/Breadcrumb" class="entry-title public">
|
|
<span class="mega-octicon octicon-repo-forked"></span>
|
|
<span class="author"><a href="/wpvulndb" class="url fn" itemprop="url" rel="author"><span itemprop="title">wpvulndb</span></a></span><!--
|
|
--><span class="path-divider">/</span><!--
|
|
--><strong><a href="/wpvulndb/wpscan" class="js-current-repository js-repo-home-link">wpscan</a></strong>
|
|
|
|
<span class="page-context-loader">
|
|
<img alt="" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
|
|
</span>
|
|
|
|
<span class="fork-flag">
|
|
<span class="text">forked from <a href="/wpscanteam/wpscan">wpscanteam/wpscan</a></span>
|
|
</span>
|
|
</h1>
|
|
</div><!-- /.container -->
|
|
</div><!-- /.repohead -->
|
|
|
|
<div class="container">
|
|
<div class="repository-with-sidebar repo-container new-discussion-timeline ">
|
|
<div class="repository-sidebar clearfix">
|
|
|
|
|
|
<div class="sunken-menu vertical-right repo-nav js-repo-nav js-repository-container-pjax js-octicon-loaders" data-issue-count-url="/wpvulndb/wpscan/issues/counts">
|
|
<div class="sunken-menu-contents">
|
|
<ul class="sunken-menu-group">
|
|
<li class="tooltipped tooltipped-w" aria-label="Code">
|
|
<a href="/wpvulndb/wpscan" aria-label="Code" class="selected js-selected-navigation-item sunken-menu-item" data-hotkey="g c" data-pjax="true" data-selected-links="repo_source repo_downloads repo_commits repo_releases repo_tags repo_branches /wpvulndb/wpscan">
|
|
<span class="octicon octicon-code"></span> <span class="full-word">Code</span>
|
|
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
|
|
</a> </li>
|
|
|
|
|
|
<li class="tooltipped tooltipped-w" aria-label="Pull Requests">
|
|
<a href="/wpvulndb/wpscan/pulls" aria-label="Pull Requests" class="js-selected-navigation-item sunken-menu-item js-disable-pjax" data-hotkey="g p" data-selected-links="repo_pulls /wpvulndb/wpscan/pulls">
|
|
<span class="octicon octicon-git-pull-request"></span> <span class="full-word">Pull Requests</span>
|
|
<span class="js-pull-replace-counter"></span>
|
|
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
|
|
</a> </li>
|
|
|
|
|
|
</ul>
|
|
<div class="sunken-menu-separator"></div>
|
|
<ul class="sunken-menu-group">
|
|
|
|
<li class="tooltipped tooltipped-w" aria-label="Pulse">
|
|
<a href="/wpvulndb/wpscan/pulse" aria-label="Pulse" class="js-selected-navigation-item sunken-menu-item" data-pjax="true" data-selected-links="pulse /wpvulndb/wpscan/pulse">
|
|
<span class="octicon octicon-pulse"></span> <span class="full-word">Pulse</span>
|
|
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
|
|
</a> </li>
|
|
|
|
<li class="tooltipped tooltipped-w" aria-label="Graphs">
|
|
<a href="/wpvulndb/wpscan/graphs" aria-label="Graphs" class="js-selected-navigation-item sunken-menu-item" data-pjax="true" data-selected-links="repo_graphs repo_contributors /wpvulndb/wpscan/graphs">
|
|
<span class="octicon octicon-graph"></span> <span class="full-word">Graphs</span>
|
|
<img alt="" class="mini-loader" height="16" src="https://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif" width="16" />
|
|
</a> </li>
|
|
</ul>
|
|
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<div class="only-with-full-nav">
|
|
|
|
|
|
|
|
|
|
<div class="clone-url open"
|
|
data-protocol-type="http"
|
|
data-url="/users/set_protocol?protocol_selector=http&protocol_type=clone">
|
|
<h3><strong>HTTPS</strong> clone URL</h3>
|
|
<div class="input-group">
|
|
<input type="text" class="input-mini input-monospace js-url-field"
|
|
value="https://github.com/wpvulndb/wpscan.git" readonly="readonly">
|
|
<span class="input-group-button">
|
|
<button aria-label="Copy to clipboard" class="js-zeroclipboard minibutton zeroclipboard-button" data-clipboard-text="https://github.com/wpvulndb/wpscan.git" data-copied-hint="Copied!" type="button"><span class="octicon octicon-clippy"></span></button>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="clone-url "
|
|
data-protocol-type="subversion"
|
|
data-url="/users/set_protocol?protocol_selector=subversion&protocol_type=clone">
|
|
<h3><strong>Subversion</strong> checkout URL</h3>
|
|
<div class="input-group">
|
|
<input type="text" class="input-mini input-monospace js-url-field"
|
|
value="https://github.com/wpvulndb/wpscan" readonly="readonly">
|
|
<span class="input-group-button">
|
|
<button aria-label="Copy to clipboard" class="js-zeroclipboard minibutton zeroclipboard-button" data-clipboard-text="https://github.com/wpvulndb/wpscan" data-copied-hint="Copied!" type="button"><span class="octicon octicon-clippy"></span></button>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<p class="clone-options">You can clone with
|
|
<a href="#" class="js-clone-selector" data-protocol="http">HTTPS</a>
|
|
or <a href="#" class="js-clone-selector" data-protocol="subversion">Subversion</a>.
|
|
<a href="https://help.github.com/articles/which-remote-url-should-i-use" class="help tooltipped tooltipped-n" aria-label="Get help on which URL is right for you.">
|
|
<span class="octicon octicon-question"></span>
|
|
</a>
|
|
</p>
|
|
|
|
|
|
|
|
<a href="/wpvulndb/wpscan/archive/master.zip"
|
|
class="minibutton sidebar-button"
|
|
aria-label="Download wpvulndb/wpscan as a zip file"
|
|
title="Download wpvulndb/wpscan as a zip file"
|
|
rel="nofollow">
|
|
<span class="octicon octicon-cloud-download"></span>
|
|
Download ZIP
|
|
</a>
|
|
</div>
|
|
</div><!-- /.repository-sidebar -->
|
|
|
|
<div id="js-repo-pjax-container" class="repository-content context-loader-container" data-pjax-container>
|
|
|
|
|
|
|
|
<a href="/wpvulndb/wpscan/blob/88990fd78fc562b0631aae9427203afe0e0e1a02/data/wp_vulns.json" class="hidden js-permalink-shortcut" data-hotkey="y">Permalink</a>
|
|
|
|
<!-- blob contrib key: blob_contributors:v21:9241b9885168cdfbbc3f94c350196f96 -->
|
|
|
|
<div class="file-navigation">
|
|
|
|
|
|
<div class="select-menu js-menu-container js-select-menu" >
|
|
<span class="minibutton select-menu-button js-menu-target css-truncate" data-hotkey="w"
|
|
data-master-branch="master"
|
|
data-ref="master"
|
|
title="master"
|
|
role="button" aria-label="Switch branches or tags" tabindex="0" aria-haspopup="true">
|
|
<span class="octicon octicon-git-branch"></span>
|
|
<i>branch:</i>
|
|
<span class="js-select-button css-truncate-target">master</span>
|
|
</span>
|
|
|
|
<div class="select-menu-modal-holder js-menu-content js-navigation-container" data-pjax aria-hidden="true">
|
|
|
|
<div class="select-menu-modal">
|
|
<div class="select-menu-header">
|
|
<span class="select-menu-title">Switch branches/tags</span>
|
|
<span class="octicon octicon-x js-menu-close" role="button" aria-label="Close"></span>
|
|
</div> <!-- /.select-menu-header -->
|
|
|
|
<div class="select-menu-filters">
|
|
<div class="select-menu-text-filter">
|
|
<input type="text" aria-label="Filter branches/tags" id="context-commitish-filter-field" class="js-filterable-field js-navigation-enable" placeholder="Filter branches/tags">
|
|
</div>
|
|
<div class="select-menu-tabs">
|
|
<ul>
|
|
<li class="select-menu-tab">
|
|
<a href="#" data-tab-filter="branches" class="js-select-menu-tab">Branches</a>
|
|
</li>
|
|
<li class="select-menu-tab">
|
|
<a href="#" data-tab-filter="tags" class="js-select-menu-tab">Tags</a>
|
|
</li>
|
|
</ul>
|
|
</div><!-- /.select-menu-tabs -->
|
|
</div><!-- /.select-menu-filters -->
|
|
|
|
<div class="select-menu-list select-menu-tab-bucket js-select-menu-tab-bucket" data-tab-filter="branches">
|
|
|
|
<div data-filterable-for="context-commitish-filter-field" data-filterable-type="substring">
|
|
|
|
|
|
<div class="select-menu-item js-navigation-item ">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<a href="/wpvulndb/wpscan/blob/gh-pages/data/wp_vulns.json"
|
|
data-name="gh-pages"
|
|
data-skip-pjax="true"
|
|
rel="nofollow"
|
|
class="js-navigation-open select-menu-item-text css-truncate-target"
|
|
title="gh-pages">gh-pages</a>
|
|
</div> <!-- /.select-menu-item -->
|
|
<div class="select-menu-item js-navigation-item selected">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<a href="/wpvulndb/wpscan/blob/master/data/wp_vulns.json"
|
|
data-name="master"
|
|
data-skip-pjax="true"
|
|
rel="nofollow"
|
|
class="js-navigation-open select-menu-item-text css-truncate-target"
|
|
title="master">master</a>
|
|
</div> <!-- /.select-menu-item -->
|
|
</div>
|
|
|
|
<div class="select-menu-no-results">Nothing to show</div>
|
|
</div> <!-- /.select-menu-list -->
|
|
|
|
<div class="select-menu-list select-menu-tab-bucket js-select-menu-tab-bucket" data-tab-filter="tags">
|
|
<div data-filterable-for="context-commitish-filter-field" data-filterable-type="substring">
|
|
|
|
|
|
<div class="select-menu-item js-navigation-item ">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<a href="/wpvulndb/wpscan/tree/2.4.1/data/wp_vulns.json"
|
|
data-name="2.4.1"
|
|
data-skip-pjax="true"
|
|
rel="nofollow"
|
|
class="js-navigation-open select-menu-item-text css-truncate-target"
|
|
title="2.4.1">2.4.1</a>
|
|
</div> <!-- /.select-menu-item -->
|
|
<div class="select-menu-item js-navigation-item ">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<a href="/wpvulndb/wpscan/tree/2.4/data/wp_vulns.json"
|
|
data-name="2.4"
|
|
data-skip-pjax="true"
|
|
rel="nofollow"
|
|
class="js-navigation-open select-menu-item-text css-truncate-target"
|
|
title="2.4">2.4</a>
|
|
</div> <!-- /.select-menu-item -->
|
|
<div class="select-menu-item js-navigation-item ">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<a href="/wpvulndb/wpscan/tree/2.3/data/wp_vulns.json"
|
|
data-name="2.3"
|
|
data-skip-pjax="true"
|
|
rel="nofollow"
|
|
class="js-navigation-open select-menu-item-text css-truncate-target"
|
|
title="2.3">2.3</a>
|
|
</div> <!-- /.select-menu-item -->
|
|
<div class="select-menu-item js-navigation-item ">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<a href="/wpvulndb/wpscan/tree/2.2/data/wp_vulns.json"
|
|
data-name="2.2"
|
|
data-skip-pjax="true"
|
|
rel="nofollow"
|
|
class="js-navigation-open select-menu-item-text css-truncate-target"
|
|
title="2.2">2.2</a>
|
|
</div> <!-- /.select-menu-item -->
|
|
<div class="select-menu-item js-navigation-item ">
|
|
<span class="select-menu-item-icon octicon octicon-check"></span>
|
|
<a href="/wpvulndb/wpscan/tree/2.1/data/wp_vulns.json"
|
|
data-name="2.1"
|
|
data-skip-pjax="true"
|
|
rel="nofollow"
|
|
class="js-navigation-open select-menu-item-text css-truncate-target"
|
|
title="2.1">2.1</a>
|
|
</div> <!-- /.select-menu-item -->
|
|
</div>
|
|
|
|
<div class="select-menu-no-results">Nothing to show</div>
|
|
</div> <!-- /.select-menu-list -->
|
|
|
|
</div> <!-- /.select-menu-modal -->
|
|
</div> <!-- /.select-menu-modal-holder -->
|
|
</div> <!-- /.select-menu -->
|
|
|
|
<div class="button-group right">
|
|
<a href="/wpvulndb/wpscan/find/master"
|
|
class="js-show-file-finder minibutton empty-icon tooltipped tooltipped-s"
|
|
data-pjax
|
|
data-hotkey="t"
|
|
aria-label="Quickly jump between files">
|
|
<span class="octicon octicon-list-unordered"></span>
|
|
</a>
|
|
<button class="js-zeroclipboard minibutton zeroclipboard-button"
|
|
data-clipboard-text="data/wp_vulns.json"
|
|
aria-label="Copy to clipboard"
|
|
data-copied-hint="Copied!">
|
|
<span class="octicon octicon-clippy"></span>
|
|
</button>
|
|
</div>
|
|
|
|
<div class="breadcrumb">
|
|
<span class='repo-root js-repo-root'><span itemscope="" itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/wpvulndb/wpscan" data-branch="master" data-direction="back" data-pjax="true" itemscope="url"><span itemprop="title">wpscan</span></a></span></span><span class="separator"> / </span><span itemscope="" itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/wpvulndb/wpscan/tree/master/data" data-branch="master" data-direction="back" data-pjax="true" itemscope="url"><span itemprop="title">data</span></a></span><span class="separator"> / </span><strong class="final-path">wp_vulns.json</strong>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="commit file-history-tease">
|
|
<img alt="wpvulndb" class="main-avatar" data-user="7658332" height="24" src="https://avatars1.githubusercontent.com/u/7658332?v=1&s=48" width="24" />
|
|
<span class="author"><a href="/wpvulndb" rel="author">wpvulndb</a></span>
|
|
<time datetime="2014-07-31T11:41:49+02:00" is="relative-time">July 31, 2014</time>
|
|
<div class="commit-title">
|
|
<a href="/wpvulndb/wpscan/commit/55f9cb78da92f87febc1337a79e09e7976c944b2" class="message" data-pjax="true" title="Commit from WPVULNDB">Commit from WPVULNDB</a>
|
|
</div>
|
|
|
|
<div class="participation">
|
|
<p class="quickstat"><a href="#blob_contributors_box" rel="facebox"><strong>1</strong> contributor</a></p>
|
|
|
|
</div>
|
|
<div id="blob_contributors_box" style="display:none">
|
|
<h2 class="facebox-header">Users who have contributed to this file</h2>
|
|
<ul class="facebox-user-list">
|
|
<li class="facebox-user-list-item">
|
|
<img alt="wpvulndb" data-user="7658332" height="24" src="https://avatars1.githubusercontent.com/u/7658332?v=1&s=48" width="24" />
|
|
<a href="/wpvulndb">wpvulndb</a>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="file-box">
|
|
<div class="file">
|
|
<div class="meta clearfix">
|
|
<div class="info file-name">
|
|
<span>1 lines (1 sloc)</span>
|
|
<span class="meta-divider"></span>
|
|
<span>147.129 kb</span>
|
|
</div>
|
|
<div class="actions">
|
|
<div class="button-group">
|
|
<a href="/wpvulndb/wpscan/raw/master/data/wp_vulns.json" class="minibutton " id="raw-url">Raw</a>
|
|
<a href="/wpvulndb/wpscan/blame/master/data/wp_vulns.json" class="minibutton js-update-url-with-hash">Blame</a>
|
|
<a href="/wpvulndb/wpscan/commits/master/data/wp_vulns.json" class="minibutton " rel="nofollow">History</a>
|
|
</div><!-- /.button-group -->
|
|
|
|
|
|
<a class="octicon-button disabled tooltipped tooltipped-w" href="#"
|
|
aria-label="You must be signed in to make or propose changes"><span class="octicon octicon-pencil"></span></a>
|
|
|
|
<a class="octicon-button danger disabled tooltipped tooltipped-w" href="#"
|
|
aria-label="You must be signed in to make or propose changes">
|
|
<span class="octicon octicon-trashcan"></span>
|
|
</a>
|
|
</div><!-- /.actions -->
|
|
</div>
|
|
|
|
<div class="blob-wrapper data type-json">
|
|
<table class="file-code file-diff tab-size-8">
|
|
<tr class="file-code-line">
|
|
<td class="blob-line-nums">
|
|
<span id="L1" rel="#L1">1</span>
|
|
|
|
</td>
|
|
<td class="blob-line-code"><div class="code-body highlight"><pre><div class='line' id='LC1'>[{"3.8.1":{"vulnerabilities":[{"id":88075,"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1","url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/","created_at":"2014-07-15T17:16:21.103Z","updated_at":"2014-07-15T17:16:21.103Z"},{"id":88076,"title":"Potential Authentication Cookie Forgery","url":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be","osvdb":"105620","cve":"2014-0166","created_at":"2014-07-15T17:16:21.173Z","updated_at":"2014-07-15T17:16:21.173Z","fixed_in":"3.8.2"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.8.2"}]}},{"3.8":{"vulnerabilities":[{"id":88079,"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure","url":"http://seclists.org/fulldisclosure/2013/Dec/135","osvdb":"101101","created_at":"2014-07-15T17:16:21.315Z","updated_at":"2014-07-15T17:16:21.315Z"}]}},{"3.7.1":{"vulnerabilities":[{"id":88076,"title":"Potential Authentication Cookie Forgery","url":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be","osvdb":"105620","cve":"2014-0166","created_at":"2014-07-15T17:16:21.173Z","updated_at":"2014-07-15T17:16:21.173Z","fixed_in":"3.7.2"},{"id":88079,"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure","url":"http://seclists.org/fulldisclosure/2013/Dec/135","osvdb":"101101","created_at":"2014-07-15T17:16:21.315Z","updated_at":"2014-07-15T17:16:21.315Z"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.7.2"}]}},{"3.6":{"vulnerabilities":[{"id":88080,"title":"PHP Object Injection","url":"http://vagosec.org/2013/09/wordpress-php-object-injection/,http://www.openwall.com/lists/oss-security/2013/09/12/1,http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340,http://core.trac.wordpress.org/changeset/25325","osvdb":"97211","cve":"2013-4338","secunia":"54803","created_at":"2014-07-15T17:16:21.580Z","updated_at":"2014-07-15T17:16:21.580Z","fixed_in":"3.6.1"},{"id":88081,"title":"wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness","url":"http://core.trac.wordpress.org/changeset/25322","osvdb":"97210","cve":"2013-5739","created_at":"2014-07-15T17:16:21.628Z","updated_at":"2014-07-15T17:16:21.628Z","fixed_in":"3.6.1"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88083,"title":"wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing","url":"http://core.trac.wordpress.org/changeset/25321","osvdb":"97213","cve":"2013-4340","secunia":"54803","created_at":"2014-07-15T17:16:21.712Z","updated_at":"2014-07-15T17:16:21.712Z","fixed_in":"3.6.1"},{"id":88084,"title":"wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness","url":"http://core.trac.wordpress.org/changeset/25322","osvdb":"97214","cve":"2013-5738","created_at":"2014-07-15T17:16:21.756Z","updated_at":"2014-07-15T17:16:21.756Z","fixed_in":"3.6.1"},{"id":88085,"title":"Multiple Function Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Nov/220","osvdb":"100487","created_at":"2014-07-15T17:16:21.804Z","updated_at":"2014-07-15T17:16:21.804Z"},{"id":88086,"title":"Multiple Script Arbitrary Site Redirect","url":"http://seclists.org/fulldisclosure/2013/Dec/174","osvdb":"101181","created_at":"2014-07-15T17:16:21.847Z","updated_at":"2014-07-15T17:16:21.847Z","fixed_in":"3.6.1"},{"id":88087,"title":"wp-admin/edit-tags.php _wp_http_referer Parameter Reflected XSS","url":"http://seclists.org/fulldisclosure/2013/Dec/174","osvdb":"101182","created_at":"2014-07-15T17:16:21.892Z","updated_at":"2014-07-15T17:16:21.892Z","fixed_in":"3.6.1"}]}},{"3.5.2":{"vulnerabilities":[{"id":88088,"title":"Media Library Multiple Function Path Disclosure","url":"http://websecurity.com.ua/6795/","osvdb":"100484","created_at":"2014-07-15T17:16:21.940Z","updated_at":"2014-07-15T17:16:21.940Z"},{"id":88089,"title":"SWFUpload Content Spoofing","url":"http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html,https://github.com/wpscanteam/wpscan/issues/243","created_at":"2014-07-15T17:16:21.987Z","updated_at":"2014-07-15T17:16:21.987Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.5.1":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88091,"title":"WordPress 3.4-3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.129Z","updated_at":"2014-07-15T17:16:22.129Z","fixed_in":"3.5.2"},{"id":88092,"title":"WordPress Multiple XSS","osvdb":"94791,94785,94786,94790","created_at":"2014-07-15T17:16:22.176Z","updated_at":"2014-07-15T17:16:22.176Z","fixed_in":"3.5.2"},{"id":88093,"title":"WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness","osvdb":"94787","created_at":"2014-07-15T17:16:22.220Z","updated_at":"2014-07-15T17:16:22.220Z","fixed_in":"3.5.2"},{"id":88094,"title":"WordPress File Upload Unspecified Path Disclosure","osvdb":"94788","created_at":"2014-07-15T17:16:22.267Z","updated_at":"2014-07-15T17:16:22.267Z","fixed_in":"3.5.2"},{"id":88095,"title":"WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure","osvdb":"94789","created_at":"2014-07-15T17:16:22.313Z","updated_at":"2014-07-15T17:16:22.313Z","fixed_in":"3.5.2"},{"id":88096,"title":"WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation","osvdb":"94783","created_at":"2014-07-15T17:16:22.358Z","updated_at":"2014-07-15T17:16:22.358Z","fixed_in":"3.5.2"},{"id":88097,"title":"WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)","osvdb":"94784","created_at":"2014-07-15T17:16:22.403Z","updated_at":"2014-07-15T17:16:22.403Z","fixed_in":"3.5.2"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.5":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88102,"title":"Shortcodes / Post Content Multiple Unspecified XSS","url":"http://www.securityfocus.com/bid/57554,http://securitytracker.com/id?1028045","osvdb":"89576","cve":"2013-0236","secunia":"51967","created_at":"2014-07-15T17:16:22.774Z","updated_at":"2014-07-15T17:16:22.774Z","fixed_in":"3.5.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4.2":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88103,"title":"WordPress 3.4.2 Cross Site Request Forgery","url":"http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html","created_at":"2014-07-15T17:16:23.016Z","updated_at":"2014-07-15T17:16:23.016Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4.1":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4-beta4":{"vulnerabilities":[{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88104,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-07-15T17:16:24.023Z","updated_at":"2014-07-15T17:16:24.023Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.3.3":{"vulnerabilities":[{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.3.2":{"vulnerabilities":[{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88104,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-07-15T17:16:24.023Z","updated_at":"2014-07-15T17:16:24.023Z"},{"id":88105,"title":"WordPress 3.3.2 Cross Site Scripting","url":"http://packetstormsecurity.org/files/113254","created_at":"2014-07-15T17:16:24.591Z","updated_at":"2014-07-15T17:16:24.591Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.3.1":{"vulnerabilities":[{"id":88109,"title":"Multiple vulnerabilities including XSS and Privilege Escalation","url":"http://wordpress.org/news/2012/04/wordpress-3-3-2/","created_at":"2014-07-15T17:16:25.030Z","updated_at":"2014-07-15T17:16:25.030Z"},{"id":88110,"title":"Wordpress 3.3.1 - Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-07-15T17:16:25.079Z","updated_at":"2014-07-15T17:16:25.079Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.3":{"vulnerabilities":[{"id":88112,"title":"Reflected Cross-Site Scripting in WordPress 3.3","url":"http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html","created_at":"2014-07-15T17:16:25.468Z","updated_at":"2014-07-15T17:16:25.468Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.2.1":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.2":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.3":{"vulnerabilities":[{"id":88113,"title":"wp-admin/link-manager.php Multiple Parameter SQL Injection","osvdb":"73723","secunia":"45099","exploitdb":"17465","created_at":"2014-07-15T17:16:26.903Z","updated_at":"2014-07-15T17:16:26.903Z","fixed_in":"3.1.4"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.2":{"vulnerabilities":[{"id":88114,"title":"Wordpress \u003c= 3.1.2 Clickjacking Vulnerability","url":"http://seclists.org/fulldisclosure/2011/Sep/219,http://www.securityfocus.com/bid/49730","created_at":"2014-07-15T17:16:27.306Z","updated_at":"2014-07-15T17:16:27.306Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.1":{"vulnerabilities":[{"id":88115,"title":"WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS","osvdb":"72142","created_at":"2014-07-15T17:16:27.694Z","updated_at":"2014-07-15T17:16:27.694Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.6":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.5":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.3":{"vulnerabilities":[{"id":88117,"title":"SQL injection vulnerability in do_trackbacks() Wordpress function","exploitdb":"15684","created_at":"2014-07-15T17:16:29.523Z","updated_at":"2014-07-15T17:16:29.523Z"},{"id":88118,"title":"Wordpress 3.0.3 stored XSS IE7,6 NS8.1","exploitdb":"15858","created_at":"2014-07-15T17:16:29.580Z","updated_at":"2014-07-15T17:16:29.580Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.2":{"vulnerabilities":[{"id":88119,"title":"WordPress XML-RPC Interface Access Restriction Bypass","osvdb":"69761","created_at":"2014-07-15T17:16:29.999Z","updated_at":"2014-07-15T17:16:29.999Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.1":{"vulnerabilities":[{"id":88120,"title":"WordPress: Information Disclosure via SQL Injection Attack","url":"http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/","created_at":"2014-07-15T17:16:30.465Z","updated_at":"2014-07-15T17:16:30.465Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0.1"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":89610,"title":"testing!!!!123","url":"http://www.example.com","osvdb":"12f345,12345,1234g5","cve":"12345,12345,12345","secunia":"12345,2222,12345,12345","exploitdb":"12345","created_at":"2014-07-29T16:02:58.453Z","updated_at":"2014-07-29T21:03:59.991Z"}]}},{"2.9.2":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.9.1":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.9":{"vulnerabilities":[{"id":88126,"title":"WordPress 2.9 Failure to Restrict URL Access","exploitdb":"11441","created_at":"2014-07-15T17:16:32.421Z","updated_at":"2014-07-15T17:16:32.421Z"},{"id":88127,"title":"Wordpress DOS \u003c= 2.9","exploitdb":"11441","created_at":"2014-07-15T17:16:32.463Z","updated_at":"2014-07-15T17:16:32.463Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.6":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.5":{"vulnerabilities":[{"id":88128,"title":"WordPress \u003c= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution","exploitdb":"10089","created_at":"2014-07-15T17:16:33.235Z","updated_at":"2014-07-15T17:16:33.235Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.3":{"vulnerabilities":[{"id":88129,"title":"Wordpress \u003c= 2.8.3 Remote Admin Reset Password Vulnerability","exploitdb":"9410","created_at":"2014-07-15T17:16:34.029Z","updated_at":"2014-07-15T17:16:34.029Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.2":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.1":{"vulnerabilities":[{"id":88130,"title":"Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit","exploitdb":"9250","created_at":"2014-07-15T17:16:34.787Z","updated_at":"2014-07-15T17:16:34.787Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.7.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.7":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.5":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.3":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88132,"title":"Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit","exploitdb":"6421","created_at":"2014-07-15T17:16:38.068Z","updated_at":"2014-07-15T17:16:38.068Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.5.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.5":{"vulnerabilities":[{"id":88133,"title":"Wordpress 2.5 Cookie Integrity Protection Vulnerability","url":"http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded","cve":"2008-1930","created_at":"2014-07-15T17:16:39.306Z","updated_at":"2014-07-15T17:16:39.306Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88134,"title":"Wordpress \u003c= 2.3.1 Charset Remote SQL Injection Vulnerability","exploitdb":"4721","created_at":"2014-07-15T17:16:40.542Z","updated_at":"2014-07-15T17:16:40.542Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88135,"title":"WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit","exploitdb":"4113","created_at":"2014-07-15T17:16:42.484Z","updated_at":"2014-07-15T17:16:42.484Z"},{"id":88136,"title":"Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit","exploitdb":"4039","created_at":"2014-07-15T17:16:42.525Z","updated_at":"2014-07-15T17:16:42.525Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88137,"title":"Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit","exploitdb":"3960","created_at":"2014-07-15T17:16:42.948Z","updated_at":"2014-07-15T17:16:42.948Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88138,"title":"WordPress \"year\" Cross-Site Scripting Vulnerability","url":"http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded","secunia":"24485","created_at":"2014-07-15T17:16:43.367Z","updated_at":"2014-07-15T17:16:43.367Z"},{"id":88139,"title":"Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit","exploitdb":"3656","created_at":"2014-07-15T17:16:43.408Z","updated_at":"2014-07-15T17:16:43.408Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88140,"title":"WordPress Command Execution and PHP Injection","url":"http://www.securityfocus.com/bid/22797,http://xforce.iss.net/xforce/xfdb/32807","cve":"2007-1277","secunia":"24374","created_at":"2014-07-15T17:16:43.833Z","updated_at":"2014-07-15T17:16:43.833Z","fixed_in":"2.1.2"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.11":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.10":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.9":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.8":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.7":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.6":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88141,"title":"Wordpress \u003c= 2.0.6 wp-trackback.php Remote SQL Injection Exploit","exploitdb":"3109","created_at":"2014-07-15T17:16:46.450Z","updated_at":"2014-07-15T17:16:46.450Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.5":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88142,"title":"Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit","exploitdb":"3095","created_at":"2014-07-15T17:16:46.876Z","updated_at":"2014-07-15T17:16:46.876Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.4":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88143,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-07-15T17:16:47.410Z","updated_at":"2014-07-15T17:16:47.410Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88143,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-07-15T17:16:47.410Z","updated_at":"2014-07-15T17:16:47.410Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88144,"title":"WordPress \u003c= 2.0.2 (cache) Remote Shell Injection Exploit","exploitdb":"6","created_at":"2014-07-15T17:16:48.215Z","updated_at":"2014-07-15T17:16:48.215Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88143,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-07-15T17:16:47.410Z","updated_at":"2014-07-15T17:16:47.410Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.1":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"},{"id":89602,"title":"this is a test","created_at":"2014-07-15T17:26:16.549Z","updated_at":"2014-07-15T17:26:16.549Z"}]}},{"1.5.2":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1.3":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88146,"title":"Wordpress \u003c= 1.5.1.3 Remote Code Execution eXploit (metasploit)","exploitdb":"1145","created_at":"2014-07-15T17:16:49.960Z","updated_at":"2014-07-15T17:16:49.960Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1.2":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88147,"title":"Wordpress \u003c= 1.5.1.2 xmlrpc Interface SQL Injection Exploit","osvdb":"17636,17637,17638,17639,17640,17641","cve":"2005-2108","secunia":"15831,15898","exploitdb":"1077","created_at":"2014-07-15T17:16:50.147Z","updated_at":"2014-07-15T17:16:50.147Z","fixed_in":"1.5.1.3"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1.1":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88148,"title":"WordPress \u003c= 1.5.1.1 \"add new admin\" SQL Injection Exploit","secunia":"10596","created_at":"2014-07-15T17:16:50.393Z","updated_at":"2014-07-29T21:23:31.030Z"},{"id":88149,"title":"WordPress \u003c= 1.5.1.1 SQL Injection Exploit","exploitdb":"1033","created_at":"2014-07-15T17:16:50.447Z","updated_at":"2014-07-15T17:16:50.447Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5":{"vulnerabilities":[{"id":88150,"title":"WordPress wp-trackback.php tb_id Parameter SQL Injection","osvdb":"16701,16702,16703","cve":"2005-1687","created_at":"2014-07-15T17:16:50.774Z","updated_at":"2014-07-15T17:16:50.774Z","fixed_in":"1.5.1"},{"id":88151,"title":"WordPress post.php p Parameter XSS","osvdb":"16702,16701,16703","created_at":"2014-07-15T17:16:50.819Z","updated_at":"2014-07-15T17:16:50.819Z","fixed_in":"1.5.1"},{"id":88152,"title":"WordPress Multiple Script Direct Request Path Disclosure","osvdb":"16703,16701,16702","cve":"2005-1688","created_at":"2014-07-15T17:16:50.865Z","updated_at":"2014-07-15T17:16:50.865Z","fixed_in":"1.5.1"},{"id":88153,"title":"WordPress Cross-Site Scripting and SQL Injection Vulnerabilities","osvdb":"16478","secunia":"15324","created_at":"2014-07-15T17:16:50.924Z","updated_at":"2014-07-15T17:16:50.924Z","fixed_in":"1.5.1"},{"id":88154,"title":"WordPress template-functions-post.php Multiple Field XSS","osvdb":"15643","cve":"2005-1102","created_at":"2014-07-15T17:16:50.999Z","updated_at":"2014-07-15T17:16:50.999Z"}]}}]</div></pre></div></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<a href="#jump-to-line" rel="facebox[.linejump]" data-hotkey="l" style="display:none">Jump to Line</a>
|
|
<div id="jump-to-line" style="display:none">
|
|
<form accept-charset="UTF-8" class="js-jump-to-line-form">
|
|
<input class="linejump-input js-jump-to-line-field" type="text" placeholder="Jump to line…" autofocus>
|
|
<button type="submit" class="button">Go</button>
|
|
</form>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div><!-- /.repo-container -->
|
|
<div class="modal-backdrop"></div>
|
|
</div><!-- /.container -->
|
|
</div><!-- /.site -->
|
|
|
|
|
|
</div><!-- /.wrapper -->
|
|
|
|
<div class="container">
|
|
<div class="site-footer">
|
|
<ul class="site-footer-links right">
|
|
<li><a href="https://status.github.com/">Status</a></li>
|
|
<li><a href="http://developer.github.com">API</a></li>
|
|
<li><a href="http://training.github.com">Training</a></li>
|
|
<li><a href="http://shop.github.com">Shop</a></li>
|
|
<li><a href="/blog">Blog</a></li>
|
|
<li><a href="/about">About</a></li>
|
|
|
|
</ul>
|
|
|
|
<a href="/" aria-label="Homepage">
|
|
<span class="mega-octicon octicon-mark-github" title="GitHub"></span>
|
|
</a>
|
|
|
|
<ul class="site-footer-links">
|
|
<li>© 2014 <span title="0.03074s from github-fe130-cp1-prd.iad.github.net">GitHub</span>, Inc.</li>
|
|
<li><a href="/site/terms">Terms</a></li>
|
|
<li><a href="/site/privacy">Privacy</a></li>
|
|
<li><a href="/security">Security</a></li>
|
|
<li><a href="/contact">Contact</a></li>
|
|
</ul>
|
|
</div><!-- /.site-footer -->
|
|
</div><!-- /.container -->
|
|
|
|
|
|
<div class="fullscreen-overlay js-fullscreen-overlay" id="fullscreen_overlay">
|
|
<div class="fullscreen-container js-suggester-container">
|
|
<div class="textarea-wrap">
|
|
<textarea name="fullscreen-contents" id="fullscreen-contents" class="fullscreen-contents js-fullscreen-contents js-suggester-field" placeholder=""></textarea>
|
|
</div>
|
|
</div>
|
|
<div class="fullscreen-sidebar">
|
|
<a href="#" class="exit-fullscreen js-exit-fullscreen tooltipped tooltipped-w" aria-label="Exit Zen Mode">
|
|
<span class="mega-octicon octicon-screen-normal"></span>
|
|
</a>
|
|
<a href="#" class="theme-switcher js-theme-switcher tooltipped tooltipped-w"
|
|
aria-label="Switch themes">
|
|
<span class="octicon octicon-color-mode"></span>
|
|
</a>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div id="ajax-error-message" class="flash flash-error">
|
|
<span class="octicon octicon-alert"></span>
|
|
<a href="#" class="octicon octicon-x close js-ajax-error-dismiss" aria-label="Dismiss error"></a>
|
|
Something went wrong with that request. Please try again.
|
|
</div>
|
|
|
|
|
|
<script crossorigin="anonymous" src="https://assets-cdn.github.com/assets/frameworks-e4dc2473554b94cdf2908eac37f60d9d484f612d.js" type="text/javascript"></script>
|
|
<script async="async" crossorigin="anonymous" src="https://assets-cdn.github.com/assets/github-71c62e998886d9868432b321caf16c3b74963c29.js" type="text/javascript"></script>
|
|
|
|
|
|
<script async src="https://www.google-analytics.com/analytics.js"></script>
|
|
</body>
|
|
</html>
|
|
|