1 line
144 KiB
JSON
1 line
144 KiB
JSON
[{"3.8.1":{"vulnerabilities":[{"id":88075,"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1","url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/","created_at":"2014-07-15T17:16:21.103Z","updated_at":"2014-07-15T17:16:21.103Z"},{"id":88076,"title":"Potential Authentication Cookie Forgery","url":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be","osvdb":"105620","cve":"2014-0166","created_at":"2014-07-15T17:16:21.173Z","updated_at":"2014-07-15T17:16:21.173Z","fixed_in":"3.8.2"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.8.2"}]}},{"3.8":{"vulnerabilities":[{"id":88079,"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure","url":"http://seclists.org/fulldisclosure/2013/Dec/135","osvdb":"101101","created_at":"2014-07-15T17:16:21.315Z","updated_at":"2014-07-15T17:16:21.315Z"}]}},{"3.7.1":{"vulnerabilities":[{"id":88076,"title":"Potential Authentication Cookie Forgery","url":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be","osvdb":"105620","cve":"2014-0166","created_at":"2014-07-15T17:16:21.173Z","updated_at":"2014-07-15T17:16:21.173Z","fixed_in":"3.7.2"},{"id":88079,"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure","url":"http://seclists.org/fulldisclosure/2013/Dec/135","osvdb":"101101","created_at":"2014-07-15T17:16:21.315Z","updated_at":"2014-07-15T17:16:21.315Z"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.7.2"}]}},{"3.6":{"vulnerabilities":[{"id":88080,"title":"PHP Object Injection","url":"http://vagosec.org/2013/09/wordpress-php-object-injection/,http://www.openwall.com/lists/oss-security/2013/09/12/1,http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340,http://core.trac.wordpress.org/changeset/25325","osvdb":"97211","cve":"2013-4338","secunia":"54803","created_at":"2014-07-15T17:16:21.580Z","updated_at":"2014-07-15T17:16:21.580Z","fixed_in":"3.6.1"},{"id":88081,"title":"wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness","url":"http://core.trac.wordpress.org/changeset/25322","osvdb":"97210","cve":"2013-5739","created_at":"2014-07-15T17:16:21.628Z","updated_at":"2014-07-15T17:16:21.628Z","fixed_in":"3.6.1"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88083,"title":"wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing","url":"http://core.trac.wordpress.org/changeset/25321","osvdb":"97213","cve":"2013-4340","secunia":"54803","created_at":"2014-07-15T17:16:21.712Z","updated_at":"2014-07-15T17:16:21.712Z","fixed_in":"3.6.1"},{"id":88084,"title":"wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness","url":"http://core.trac.wordpress.org/changeset/25322","osvdb":"97214","cve":"2013-5738","created_at":"2014-07-15T17:16:21.756Z","updated_at":"2014-07-15T17:16:21.756Z","fixed_in":"3.6.1"},{"id":88085,"title":"Multiple Function Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Nov/220","osvdb":"100487","created_at":"2014-07-15T17:16:21.804Z","updated_at":"2014-07-15T17:16:21.804Z"},{"id":88086,"title":"Multiple Script Arbitrary Site Redirect","url":"http://seclists.org/fulldisclosure/2013/Dec/174","osvdb":"101181","created_at":"2014-07-15T17:16:21.847Z","updated_at":"2014-07-15T17:16:21.847Z","fixed_in":"3.6.1"},{"id":88087,"title":"wp-admin/edit-tags.php _wp_http_referer Parameter Reflected XSS","url":"http://seclists.org/fulldisclosure/2013/Dec/174","osvdb":"101182","created_at":"2014-07-15T17:16:21.892Z","updated_at":"2014-07-15T17:16:21.892Z","fixed_in":"3.6.1"}]}},{"3.5.2":{"vulnerabilities":[{"id":88088,"title":"Media Library Multiple Function Path Disclosure","url":"http://websecurity.com.ua/6795/","osvdb":"100484","created_at":"2014-07-15T17:16:21.940Z","updated_at":"2014-07-15T17:16:21.940Z"},{"id":88089,"title":"SWFUpload Content Spoofing","url":"http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html,https://github.com/wpscanteam/wpscan/issues/243","created_at":"2014-07-15T17:16:21.987Z","updated_at":"2014-07-15T17:16:21.987Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.5.1":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88091,"title":"WordPress 3.4-3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.129Z","updated_at":"2014-07-15T17:16:22.129Z","fixed_in":"3.5.2"},{"id":88092,"title":"WordPress Multiple XSS","osvdb":"94791,94785,94786,94790","created_at":"2014-07-15T17:16:22.176Z","updated_at":"2014-07-15T17:16:22.176Z","fixed_in":"3.5.2"},{"id":88093,"title":"WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness","osvdb":"94787","created_at":"2014-07-15T17:16:22.220Z","updated_at":"2014-07-15T17:16:22.220Z","fixed_in":"3.5.2"},{"id":88094,"title":"WordPress File Upload Unspecified Path Disclosure","osvdb":"94788","created_at":"2014-07-15T17:16:22.267Z","updated_at":"2014-07-15T17:16:22.267Z","fixed_in":"3.5.2"},{"id":88095,"title":"WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure","osvdb":"94789","created_at":"2014-07-15T17:16:22.313Z","updated_at":"2014-07-15T17:16:22.313Z","fixed_in":"3.5.2"},{"id":88096,"title":"WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation","osvdb":"94783","created_at":"2014-07-15T17:16:22.358Z","updated_at":"2014-07-15T17:16:22.358Z","fixed_in":"3.5.2"},{"id":88097,"title":"WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)","osvdb":"94784","created_at":"2014-07-15T17:16:22.403Z","updated_at":"2014-07-15T17:16:22.403Z","fixed_in":"3.5.2"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.5":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88102,"title":"Shortcodes / Post Content Multiple Unspecified XSS","url":"http://www.securityfocus.com/bid/57554,http://securitytracker.com/id?1028045","osvdb":"89576","cve":"2013-0236","secunia":"51967","created_at":"2014-07-15T17:16:22.774Z","updated_at":"2014-07-15T17:16:22.774Z","fixed_in":"3.5.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4.2":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88103,"title":"WordPress 3.4.2 Cross Site Request Forgery","url":"http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html","created_at":"2014-07-15T17:16:23.016Z","updated_at":"2014-07-15T17:16:23.016Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4.1":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4":{"vulnerabilities":[{"id":88090,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-07-15T17:16:22.080Z","updated_at":"2014-07-15T17:16:22.080Z","fixed_in":"3.5.2"},{"id":88098,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-07-15T17:16:22.546Z","updated_at":"2014-07-15T17:16:22.546Z","fixed_in":"3.5.2"},{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.4-beta4":{"vulnerabilities":[{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88104,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-07-15T17:16:24.023Z","updated_at":"2014-07-15T17:16:24.023Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.3.3":{"vulnerabilities":[{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.3.2":{"vulnerabilities":[{"id":88099,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-07-15T17:16:22.603Z","updated_at":"2014-07-15T17:16:22.603Z"},{"id":88104,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-07-15T17:16:24.023Z","updated_at":"2014-07-15T17:16:24.023Z"},{"id":88105,"title":"WordPress 3.3.2 Cross Site Scripting","url":"http://packetstormsecurity.org/files/113254","created_at":"2014-07-15T17:16:24.591Z","updated_at":"2014-07-15T17:16:24.591Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":88078,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-07-15T17:16:21.267Z","updated_at":"2014-07-15T17:16:21.267Z","fixed_in":"3.5.1"}]}},{"3.3.1":{"vulnerabilities":[{"id":88109,"title":"Multiple vulnerabilities including XSS and Privilege Escalation","url":"http://wordpress.org/news/2012/04/wordpress-3-3-2/","created_at":"2014-07-15T17:16:25.030Z","updated_at":"2014-07-15T17:16:25.030Z"},{"id":88110,"title":"Wordpress 3.3.1 - Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-07-15T17:16:25.079Z","updated_at":"2014-07-15T17:16:25.079Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.3":{"vulnerabilities":[{"id":88112,"title":"Reflected Cross-Site Scripting in WordPress 3.3","url":"http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html","created_at":"2014-07-15T17:16:25.468Z","updated_at":"2014-07-15T17:16:25.468Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.2.1":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.2":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.3":{"vulnerabilities":[{"id":88113,"title":"wp-admin/link-manager.php Multiple Parameter SQL Injection","osvdb":"73723","secunia":"45099","exploitdb":"17465","created_at":"2014-07-15T17:16:26.903Z","updated_at":"2014-07-15T17:16:26.903Z","fixed_in":"3.1.4"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.2":{"vulnerabilities":[{"id":88114,"title":"Wordpress \u003c= 3.1.2 Clickjacking Vulnerability","url":"http://seclists.org/fulldisclosure/2011/Sep/219,http://www.securityfocus.com/bid/49730","created_at":"2014-07-15T17:16:27.306Z","updated_at":"2014-07-15T17:16:27.306Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1.1":{"vulnerabilities":[{"id":88115,"title":"WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS","osvdb":"72142","created_at":"2014-07-15T17:16:27.694Z","updated_at":"2014-07-15T17:16:27.694Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.1":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.6":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.5":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.3":{"vulnerabilities":[{"id":88117,"title":"SQL injection vulnerability in do_trackbacks() Wordpress function","exploitdb":"15684","created_at":"2014-07-15T17:16:29.523Z","updated_at":"2014-07-15T17:16:29.523Z"},{"id":88118,"title":"Wordpress 3.0.3 stored XSS IE7,6 NS8.1","exploitdb":"15858","created_at":"2014-07-15T17:16:29.580Z","updated_at":"2014-07-15T17:16:29.580Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.2":{"vulnerabilities":[{"id":88119,"title":"WordPress XML-RPC Interface Access Restriction Bypass","osvdb":"69761","created_at":"2014-07-15T17:16:29.999Z","updated_at":"2014-07-15T17:16:29.999Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0.1":{"vulnerabilities":[{"id":88120,"title":"WordPress: Information Disclosure via SQL Injection Attack","url":"http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/","created_at":"2014-07-15T17:16:30.465Z","updated_at":"2014-07-15T17:16:30.465Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"}]}},{"3.0":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88116,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-07-15T17:16:28.911Z","updated_at":"2014-07-15T17:16:28.911Z","fixed_in":"3.0.6"},{"id":88106,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-07-15T17:16:24.753Z","updated_at":"2014-07-15T17:16:24.753Z","fixed_in":"3.3.3"},{"id":88107,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-07-15T17:16:24.801Z","updated_at":"2014-07-15T17:16:24.801Z","fixed_in":"3.3.3"},{"id":88108,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-07-15T17:16:24.846Z","updated_at":"2014-07-15T17:16:24.846Z","fixed_in":"3.3.3"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0.1"},{"id":88082,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-07-15T17:16:21.671Z","updated_at":"2014-07-15T17:16:21.671Z","fixed_in":"3.6.1"},{"id":89610,"title":"testing!!!!123","url":"http://www.example.com","osvdb":"12f345,12345,1234g5","cve":"12345,12345,12345","secunia":"12345,2222,12345,12345","exploitdb":"12345","created_at":"2014-07-29T16:02:58.453Z","updated_at":"2014-07-29T21:03:59.991Z"}]}},{"2.9.2":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.9.1":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.9":{"vulnerabilities":[{"id":88126,"title":"WordPress 2.9 Failure to Restrict URL Access","exploitdb":"11441","created_at":"2014-07-15T17:16:32.421Z","updated_at":"2014-07-15T17:16:32.421Z"},{"id":88127,"title":"Wordpress DOS \u003c= 2.9","exploitdb":"11441","created_at":"2014-07-15T17:16:32.463Z","updated_at":"2014-07-15T17:16:32.463Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.6":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.5":{"vulnerabilities":[{"id":88128,"title":"WordPress \u003c= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution","exploitdb":"10089","created_at":"2014-07-15T17:16:33.235Z","updated_at":"2014-07-15T17:16:33.235Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.3":{"vulnerabilities":[{"id":88129,"title":"Wordpress \u003c= 2.8.3 Remote Admin Reset Password Vulnerability","exploitdb":"9410","created_at":"2014-07-15T17:16:34.029Z","updated_at":"2014-07-15T17:16:34.029Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.2":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8.1":{"vulnerabilities":[{"id":88130,"title":"Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit","exploitdb":"9250","created_at":"2014-07-15T17:16:34.787Z","updated_at":"2014-07-15T17:16:34.787Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.8":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.7.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.7":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.5":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.4":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.3":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88132,"title":"Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit","exploitdb":"6421","created_at":"2014-07-15T17:16:38.068Z","updated_at":"2014-07-15T17:16:38.068Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.6":{"vulnerabilities":[{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.5.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.5":{"vulnerabilities":[{"id":88133,"title":"Wordpress 2.5 Cookie Integrity Protection Vulnerability","url":"http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded","cve":"2008-1930","created_at":"2014-07-15T17:16:39.306Z","updated_at":"2014-07-15T17:16:39.306Z"},{"id":88111,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-07-15T17:16:25.130Z","updated_at":"2014-07-15T17:16:25.130Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88134,"title":"Wordpress \u003c= 2.3.1 Charset Remote SQL Injection Vulnerability","exploitdb":"4721","created_at":"2014-07-15T17:16:40.542Z","updated_at":"2014-07-15T17:16:40.542Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.3":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88135,"title":"WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit","exploitdb":"4113","created_at":"2014-07-15T17:16:42.484Z","updated_at":"2014-07-15T17:16:42.484Z"},{"id":88136,"title":"Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit","exploitdb":"4039","created_at":"2014-07-15T17:16:42.525Z","updated_at":"2014-07-15T17:16:42.525Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88137,"title":"Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit","exploitdb":"3960","created_at":"2014-07-15T17:16:42.948Z","updated_at":"2014-07-15T17:16:42.948Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88138,"title":"WordPress \"year\" Cross-Site Scripting Vulnerability","url":"http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded","secunia":"24485","created_at":"2014-07-15T17:16:43.367Z","updated_at":"2014-07-15T17:16:43.367Z"},{"id":88139,"title":"Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit","exploitdb":"3656","created_at":"2014-07-15T17:16:43.408Z","updated_at":"2014-07-15T17:16:43.408Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1.1":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88140,"title":"WordPress Command Execution and PHP Injection","url":"http://www.securityfocus.com/bid/22797,http://xforce.iss.net/xforce/xfdb/32807","cve":"2007-1277","secunia":"24374","created_at":"2014-07-15T17:16:43.833Z","updated_at":"2014-07-15T17:16:43.833Z","fixed_in":"2.1.2"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.1":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.11":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.10":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.9":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.8":{"vulnerabilities":[{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.7":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.6":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88141,"title":"Wordpress \u003c= 2.0.6 wp-trackback.php Remote SQL Injection Exploit","exploitdb":"3109","created_at":"2014-07-15T17:16:46.450Z","updated_at":"2014-07-15T17:16:46.450Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.5":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88142,"title":"Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit","exploitdb":"3095","created_at":"2014-07-15T17:16:46.876Z","updated_at":"2014-07-15T17:16:46.876Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.4":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88143,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-07-15T17:16:47.410Z","updated_at":"2014-07-15T17:16:47.410Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.3":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88143,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-07-15T17:16:47.410Z","updated_at":"2014-07-15T17:16:47.410Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.2":{"vulnerabilities":[{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88144,"title":"WordPress \u003c= 2.0.2 (cache) Remote Shell Injection Exploit","exploitdb":"6","created_at":"2014-07-15T17:16:48.215Z","updated_at":"2014-07-15T17:16:48.215Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88143,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-07-15T17:16:47.410Z","updated_at":"2014-07-15T17:16:47.410Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0.1":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"}]}},{"2.0":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88131,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-07-15T17:16:35.556Z","updated_at":"2014-07-15T17:16:35.556Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"},{"id":88121,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-07-15T17:16:30.842Z","updated_at":"2014-07-15T17:16:30.842Z","fixed_in":"3.0.2"},{"id":88122,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-07-15T17:16:30.889Z","updated_at":"2014-07-15T17:16:30.889Z","fixed_in":"3.0.2"},{"id":88123,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-07-15T17:16:30.930Z","updated_at":"2014-07-15T17:16:30.930Z","fixed_in":"3.0.2"},{"id":88124,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-07-15T17:16:30.971Z","updated_at":"2014-07-15T17:16:30.971Z","fixed_in":"3.0.2"},{"id":88125,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-07-15T17:16:31.601Z","updated_at":"2014-07-15T17:16:31.601Z","fixed_in":"3.0"},{"id":89602,"title":"this is a test","created_at":"2014-07-15T17:26:16.549Z","updated_at":"2014-07-15T17:26:16.549Z"}]}},{"1.5.2":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1.3":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88146,"title":"Wordpress \u003c= 1.5.1.3 Remote Code Execution eXploit (metasploit)","exploitdb":"1145","created_at":"2014-07-15T17:16:49.960Z","updated_at":"2014-07-15T17:16:49.960Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1.2":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88147,"title":"Wordpress \u003c= 1.5.1.2 xmlrpc Interface SQL Injection Exploit","osvdb":"17636,17637,17638,17639,17640,17641","cve":"2005-2108","secunia":"15831,15898","exploitdb":"1077","created_at":"2014-07-15T17:16:50.147Z","updated_at":"2014-07-15T17:16:50.147Z","fixed_in":"1.5.1.3"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1.1":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88148,"title":"WordPress \u003c= 1.5.1.1 \"add new admin\" SQL Injection Exploit","secunia":"10596","created_at":"2014-07-15T17:16:50.393Z","updated_at":"2014-07-29T21:23:31.030Z"},{"id":88149,"title":"WordPress \u003c= 1.5.1.1 SQL Injection Exploit","exploitdb":"1033","created_at":"2014-07-15T17:16:50.447Z","updated_at":"2014-07-15T17:16:50.447Z"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5.1":{"vulnerabilities":[{"id":88145,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-07-15T17:16:48.772Z","updated_at":"2014-07-15T17:16:48.772Z","fixed_in":"2.0.2"},{"id":88100,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-07-15T17:16:22.644Z","updated_at":"2014-07-15T17:16:22.644Z"},{"id":88101,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-07-15T17:16:22.684Z","updated_at":"2014-07-15T17:16:22.684Z"}]}},{"1.5":{"vulnerabilities":[{"id":88150,"title":"WordPress wp-trackback.php tb_id Parameter SQL Injection","osvdb":"16701,16702,16703","cve":"2005-1687","created_at":"2014-07-15T17:16:50.774Z","updated_at":"2014-07-15T17:16:50.774Z","fixed_in":"1.5.1"},{"id":88151,"title":"WordPress post.php p Parameter XSS","osvdb":"16702,16701,16703","created_at":"2014-07-15T17:16:50.819Z","updated_at":"2014-07-15T17:16:50.819Z","fixed_in":"1.5.1"},{"id":88152,"title":"WordPress Multiple Script Direct Request Path Disclosure","osvdb":"16703,16701,16702","cve":"2005-1688","created_at":"2014-07-15T17:16:50.865Z","updated_at":"2014-07-15T17:16:50.865Z","fixed_in":"1.5.1"},{"id":88153,"title":"WordPress Cross-Site Scripting and SQL Injection Vulnerabilities","osvdb":"16478","secunia":"15324","created_at":"2014-07-15T17:16:50.924Z","updated_at":"2014-07-15T17:16:50.924Z","fixed_in":"1.5.1"},{"id":88154,"title":"WordPress template-functions-post.php Multiple Field XSS","osvdb":"15643","cve":"2005-1102","created_at":"2014-07-15T17:16:50.999Z","updated_at":"2014-07-15T17:16:50.999Z"}]}}] |