garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
f01b0b340412fb1c350fdc6b1b61af694c79f16d
wpscan/data/wp_vulns.xml
Peter f01b0b3404 Update vuln db
2014-03-29 21:53:03 +01:00

5027 lines
184 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
<wordpress version="3.8">
<vulnerability>
<title>wp-admin/options-writing.php Cleartext Admin Credentials Disclosure</title>
<references>
<osvdb>101101</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Dec/135</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</wordpress>
<wordpress version="3.7.1">
<vulnerability>
<title>wp-admin/options-writing.php Cleartext Admin Credentials Disclosure</title>
<references>
<osvdb>101101</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Dec/135</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</wordpress>
<wordpress version="3.6">
<vulnerability>
<title>PHP Object Injection</title>
<references>
<url>http://vagosec.org/2013/09/wordpress-php-object-injection/</url>
<url>http://www.openwall.com/lists/oss-security/2013/09/12/1</url>
<url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340</url>
<url>http://core.trac.wordpress.org/changeset/25325</url>
<secunia>54803</secunia>
<cve>2013-4338</cve>
<osvdb>97211</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness</title>
<references>
<osvdb>97210</osvdb>
<cve>2013-5739</cve>
<url>http://core.trac.wordpress.org/changeset/25322</url>
</references>
<type>XSS</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing</title>
<references>
<osvdb>97213</osvdb>
<cve>2013-4340</cve>
<secunia>54803</secunia>
<url>http://core.trac.wordpress.org/changeset/25321</url>
</references>
<type>UNKNOWN</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness</title>
<references>
<osvdb>97214</osvdb>
<cve>2013-5738</cve>
<url>http://core.trac.wordpress.org/changeset/25322</url>
</references>
<type>XSS</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple Function Path Disclosure</title>
<references>
<osvdb>100487</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Nov/220</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Multiple Script Arbitrary Site Redirect</title>
<references>
<osvdb>101181</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Dec/174</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/edit-tags.php _wp_http_referer Parameter Reflected XSS</title>
<references>
<osvdb>101182</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Dec/174</url>
</references>
<type>XSS</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.5.2">
<vulnerability>
<title>Media Library Multiple Function Path Disclosure</title>
<references>
<osvdb>100484</osvdb>
<url>http://websecurity.com.ua/6795/</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>SWFUpload Content Spoofing</title>
<references>
<url>http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html</url>
<url>https://github.com/wpscanteam/wpscan/issues/243</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.5.1">
<vulnerability>
<title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
<references>
<osvdb>95060</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
</references>
<type>FPD</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.4-3.5.1 DoS in class-phpass.php</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
<secunia>53676</secunia>
<osvdb>94235</osvdb>
<cve>2013-2173</cve>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress Multiple XSS</title>
<references>
<osvdb>94791</osvdb>
<osvdb>94785</osvdb>
<osvdb>94786</osvdb>
<osvdb>94790</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness</title>
<references>
<osvdb>94787</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress File Upload Unspecified Path Disclosure</title>
<references>
<osvdb>94788</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure</title>
<references>
<osvdb>94789</osvdb>
</references>
<type>XXE</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation</title>
<references>
<osvdb>94783</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)</title>
<references>
<osvdb>94784</osvdb>
</references>
<type>SSRF</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.5">
<vulnerability>
<title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
<references>
<osvdb>95060</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
</references>
<type>FPD</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
<secunia>53676</secunia>
<osvdb>94235</osvdb>
<cve>2013-2173</cve>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
<references>
<url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4.2">
<vulnerability>
<title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
<references>
<osvdb>95060</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
</references>
<type>FPD</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
<secunia>53676</secunia>
<osvdb>94235</osvdb>
<cve>2013-2173</cve>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
<references>
<url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress 3.4.2 Cross Site Request Forgery</title>
<references>
<url>http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4.1">
<vulnerability>
<title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
<references>
<osvdb>95060</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
</references>
<type>FPD</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
<secunia>53676</secunia>
<osvdb>94235</osvdb>
<cve>2013-2173</cve>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
<references>
<url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4">
<vulnerability>
<title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
<references>
<osvdb>95060</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
</references>
<type>FPD</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
<secunia>53676</secunia>
<osvdb>94235</osvdb>
<cve>2013-2173</cve>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
<references>
<url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4-beta4">
<vulnerability>
<title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
<references>
<url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<references>
<exploitdb>18791</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3.3">
<vulnerability>
<title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
<references>
<url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3.2">
<vulnerability>
<title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
<references>
<url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<references>
<exploitdb>18791</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>WordPress 3.3.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/113254</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3.1">
<vulnerability>
<title>Multiple vulnerabilities including XSS and Privilege Escalation</title>
<references>
<url>http://wordpress.org/news/2012/04/wordpress-3-3-2/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Wordpress 3.3.1 - Multiple CSRF Vulnerabilities</title>
<references>
<exploitdb>18791</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3">
<vulnerability>
<title>Reflected Cross-Site Scripting in WordPress 3.3</title>
<references>
<url>http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.2.1">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.2">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.4">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.3">
<vulnerability>
<title>wp-admin/link-manager.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>73723</osvdb>
<exploitdb>17465</exploitdb>
<secunia>45099</secunia>
</references>
<type>SQLI</type>
<fixed_in>3.1.4</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.2">
<vulnerability>
<title>Wordpress &lt;= 3.1.2 Clickjacking Vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2011/Sep/219</url>
<url>http://www.securityfocus.com/bid/49730</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.1">
<vulnerability>
<title>WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS</title>
<references>
<osvdb>72142</osvdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.6">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.5">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-admin/press-this.php - Privilege Escalation</title>
<references>
<cve>2011-5270</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.4">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-admin/press-this.php - Privilege Escalation</title>
<references>
<cve>2011-5270</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.3">
<vulnerability>
<title>SQL injection vulnerability in do_trackbacks() Wordpress function</title>
<references>
<exploitdb>15684</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Wordpress 3.0.3 stored XSS IE7,6 NS8.1</title>
<references>
<exploitdb>15858</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-admin/press-this.php - Privilege Escalation</title>
<references>
<cve>2011-5270</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.2">
<vulnerability>
<title>WordPress XML-RPC Interface Access Restriction Bypass</title>
<references>
<osvdb>69761</osvdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-admin/press-this.php - Privilege Escalation</title>
<references>
<cve>2011-5270</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.1">
<vulnerability>
<title>WordPress: Information Disclosure via SQL Injection Attack</title>
<references>
<url>http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-admin/press-this.php - Privilege Escalation</title>
<references>
<cve>2011-5270</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<osvdb>104693</osvdb>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-admin/press-this.php - Privilege Escalation</title>
<references>
<cve>2011-5270</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
<references>
<cve>2012-6633</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
<references>
<cve>2012-6634</cve>
</references>
<type>MULTI</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
<references>
<cve>2012-6635</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<osvdb>104691</osvdb>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.9.2">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<osvdb>104693</osvdb>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.9.1">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.9">
<vulnerability>
<title>WordPress 2.9 Failure to Restrict URL Access</title>
<references>
<exploitdb>11441</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress DOS &lt;= 2.9</title>
<references>
<exploitdb>11441</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.8.6">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.8.5">
<vulnerability>
<title>WordPress &lt;= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution</title>
<references>
<exploitdb>10089</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.8.4">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.8.3">
<vulnerability>
<title>Wordpress &lt;= 2.8.3 Remote Admin Reset Password Vulnerability</title>
<references>
<exploitdb>9410</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.8.2">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.8.1">
<vulnerability>
<title>Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit</title>
<references>
<exploitdb>9250</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.8">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.7.1">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.7">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.6.5">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.6.4">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.6.3">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.6.2">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.6.1">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit</title>
<references>
<exploitdb>6421</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.6">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.5.1">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.5">
<vulnerability>
<title>Wordpress 2.5 Cookie Integrity Protection Vulnerability</title>
<references>
<url>http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded</url>
<cve>2008-1930</cve>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.3.3">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.3.2">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.3.1">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress &lt;= 2.3.1 Charset Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>4721</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.3">
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.2.3">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.2.2">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.2.1">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.2">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit</title>
<references>
<exploitdb>4113</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit</title>
<references>
<exploitdb>4039</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.1.3">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit</title>
<references>
<exploitdb>3960</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.1.2">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress "year" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>24485</secunia>
<url>http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit</title>
<references>
<exploitdb>3656</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.1.1">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress Command Execution and PHP Injection</title>
<references>
<cve>2007-1277</cve>
<secunia>24374</secunia>
<url>http://www.securityfocus.com/bid/22797</url>
<url>http://xforce.iss.net/xforce/xfdb/32807</url>
</references>
<type>RCE</type>
<fixed_in>2.1.2</fixed_in>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.1">
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.11">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.10">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.9">
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.8">
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.7">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.6">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress &lt;= 2.0.6 wp-trackback.php Remote SQL Injection Exploit</title>
<references>
<exploitdb>3109</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.5">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit</title>
<references>
<exploitdb>3095</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.4">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/18779</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.3">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/18779</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.2">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress &lt;= 2.0.2 (cache) Remote Shell Injection Exploit</title>
<references>
<exploitdb>6</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/18779</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0.1">
<vulnerability>
<title>Wordpress wp-register.php Multiple Parameter XSS</title>
<references>
<osvdb>38577</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.0">
<vulnerability>
<title>Wordpress wp-register.php Multiple Parameter XSS</title>
<references>
<osvdb>38577</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/35584/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references>
<cve>2010-5293</cve>
</references>
<type>UNKNOWN</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
<references>
<cve>2010-5294</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
<references>
<cve>2010-5295</cve>
</references>
<type>XSS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
<references>
<cve>2010-5296</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references>
<cve>2010-5297</cve>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="1.5.2">
<vulnerability>
<title>Wordpress wp-register.php Multiple Parameter XSS</title>
<references>
<osvdb>38577</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</wordpress>
<wordpress version="1.5.1.3">
<vulnerability>
<title>Wordpress wp-register.php Multiple Parameter XSS</title>
<references>
<osvdb>38577</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Wordpress &lt;= 1.5.1.3 Remote Code Execution eXploit (metasploit)</title>
<references>
<exploitdb>1145</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</wordpress>
<wordpress version="1.5.1.2">
<vulnerability>
<title>Wordpress wp-register.php Multiple Parameter XSS</title>
<references>
<osvdb>38577</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Wordpress &lt;= 1.5.1.2 xmlrpc Interface SQL Injection Exploit</title>
<references>
<osvdb>17636</osvdb>
<osvdb>17637</osvdb>
<osvdb>17638</osvdb>
<osvdb>17639</osvdb>
<osvdb>17640</osvdb>
<osvdb>17641</osvdb>
<cve>2005-2108</cve>
<exploitdb>1077</exploitdb>
<secunia>15831</secunia>
<secunia>15898</secunia>
</references>
<type>SQLI</type>
<fixed_in>1.5.1.3</fixed_in>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</wordpress>
<wordpress version="1.5.1.1">
<vulnerability>
<title>Wordpress wp-register.php Multiple Parameter XSS</title>
<references>
<osvdb>38577</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress &lt;= 1.5.1.1 &quot;add new admin&quot; SQL Injection Exploit</title>
<references>
<secunia>1059</secunia>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress &lt;= 1.5.1.1 SQL Injection Exploit</title>
<references>
<exploitdb>1033</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</wordpress>
<wordpress version="1.5.1">
<vulnerability>
<title>Wordpress wp-register.php Multiple Parameter XSS</title>
<references>
<osvdb>38577</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<references>
<url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<references>
<url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</wordpress>
<wordpress version="1.5">
<vulnerability>
<title>WordPress wp-trackback.php tb_id Parameter SQL Injection</title>
<references>
<cve>2005-1687</cve>
<osvdb>16701</osvdb>
<osvdb>16702</osvdb>
<osvdb>16703</osvdb>
</references>
<type>SQLI</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress post.php p Parameter XSS</title>
<references>
<osvdb>16702</osvdb>
<osvdb>16701</osvdb>
<osvdb>16703</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Multiple Script Direct Request Path Disclosure</title>
<references>
<cve>2005-1688</cve>
<osvdb>16703</osvdb>
<osvdb>16701</osvdb>
<osvdb>16702</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Cross-Site Scripting and SQL Injection Vulnerabilities</title>
<references>
<osvdb>16478</osvdb>
<secunia>15324</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress template-functions-post.php Multiple Field XSS</title>
<references>
<cve>2005-1102</cve>
<osvdb>15643</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</wordpress>
</vulnerabilities>
Reference in New Issue View Git Blame Copy Permalink