1 line
145 KiB
JSON
1 line
145 KiB
JSON
[{"3.8.1":{"vulnerabilities":[{"id":92489,"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1","url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/","created_at":"2014-08-01T10:49:55.382Z","updated_at":"2014-08-01T10:49:55.382Z"},{"id":92490,"title":"Potential Authentication Cookie Forgery","url":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be","osvdb":"105620","cve":"2014-0166","created_at":"2014-08-01T10:49:55.457Z","updated_at":"2014-08-01T10:49:55.457Z","fixed_in":"3.8.2"},{"id":92491,"title":"Privilege escalation: contributors publishing posts","url":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165","osvdb":"105630","cve":"2014-0165","created_at":"2014-08-01T10:49:55.529Z","updated_at":"2014-08-01T10:49:55.529Z","fixed_in":"3.8.2"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.8.2"}]}},{"3.8":{"vulnerabilities":[{"id":92493,"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure","url":"http://seclists.org/fulldisclosure/2013/Dec/135","osvdb":"101101","created_at":"2014-08-01T10:49:55.646Z","updated_at":"2014-08-01T10:49:55.646Z"}]}},{"3.7.1":{"vulnerabilities":[{"id":92490,"title":"Potential Authentication Cookie Forgery","url":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be","osvdb":"105620","cve":"2014-0166","created_at":"2014-08-01T10:49:55.457Z","updated_at":"2014-08-01T10:49:55.457Z","fixed_in":"3.7.2"},{"id":92491,"title":"Privilege escalation: contributors publishing posts","url":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165","osvdb":"105630","cve":"2014-0165","created_at":"2014-08-01T10:49:55.529Z","updated_at":"2014-08-01T10:49:55.529Z","fixed_in":"3.7.2"},{"id":92493,"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure","url":"http://seclists.org/fulldisclosure/2013/Dec/135","osvdb":"101101","created_at":"2014-08-01T10:49:55.646Z","updated_at":"2014-08-01T10:49:55.646Z"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.7.2"}]}},{"3.6":{"vulnerabilities":[{"id":92494,"title":"PHP Object Injection","url":"http://vagosec.org/2013/09/wordpress-php-object-injection/,http://www.openwall.com/lists/oss-security/2013/09/12/1,http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340,http://core.trac.wordpress.org/changeset/25325","osvdb":"97211","cve":"2013-4338","secunia":"54803","created_at":"2014-08-01T10:49:55.999Z","updated_at":"2014-08-01T10:49:55.999Z","fixed_in":"3.6.1"},{"id":92495,"title":"wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness","url":"http://core.trac.wordpress.org/changeset/25322","osvdb":"97210","cve":"2013-5739","created_at":"2014-08-01T10:49:56.071Z","updated_at":"2014-08-01T10:49:56.071Z","fixed_in":"3.6.1"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92497,"title":"wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing","url":"http://core.trac.wordpress.org/changeset/25321","osvdb":"97213","cve":"2013-4340","secunia":"54803","created_at":"2014-08-01T10:49:56.199Z","updated_at":"2014-08-01T10:49:56.199Z","fixed_in":"3.6.1"},{"id":92498,"title":"wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness","url":"http://core.trac.wordpress.org/changeset/25322","osvdb":"97214","cve":"2013-5738","created_at":"2014-08-01T10:49:56.256Z","updated_at":"2014-08-01T10:49:56.256Z","fixed_in":"3.6.1"},{"id":92499,"title":"Multiple Function Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Nov/220","osvdb":"100487","created_at":"2014-08-01T10:49:56.321Z","updated_at":"2014-08-01T10:49:56.321Z"},{"id":92500,"title":"Multiple Script Arbitrary Site Redirect","url":"http://seclists.org/fulldisclosure/2013/Dec/174","osvdb":"101181","created_at":"2014-08-01T10:49:56.375Z","updated_at":"2014-08-01T10:49:56.375Z","fixed_in":"3.6.1"},{"id":92501,"title":"wp-admin/edit-tags.php _wp_http_referer Parameter Reflected XSS","url":"http://seclists.org/fulldisclosure/2013/Dec/174","osvdb":"101182","created_at":"2014-08-01T10:49:56.434Z","updated_at":"2014-08-01T10:49:56.434Z","fixed_in":"3.6.1"}]}},{"3.5.2":{"vulnerabilities":[{"id":92502,"title":"Media Library Multiple Function Path Disclosure","url":"http://websecurity.com.ua/6795/","osvdb":"100484","created_at":"2014-08-01T10:49:56.497Z","updated_at":"2014-08-01T10:49:56.497Z"},{"id":92503,"title":"SWFUpload Content Spoofing","url":"http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html,https://github.com/wpscanteam/wpscan/issues/243","created_at":"2014-08-01T10:49:56.549Z","updated_at":"2014-08-01T10:49:56.549Z"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.5.1":{"vulnerabilities":[{"id":92504,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-08-01T10:49:56.671Z","updated_at":"2014-08-01T10:49:56.671Z","fixed_in":"3.5.2"},{"id":92505,"title":"WordPress 3.4-3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-08-01T10:49:56.733Z","updated_at":"2014-08-01T10:49:56.733Z","fixed_in":"3.5.2"},{"id":92506,"title":"WordPress Multiple XSS","osvdb":"94791,94785,94786,94790","created_at":"2014-08-01T10:49:56.795Z","updated_at":"2014-08-01T10:49:56.795Z","fixed_in":"3.5.2"},{"id":92507,"title":"WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness","osvdb":"94787","created_at":"2014-08-01T10:49:56.865Z","updated_at":"2014-08-01T10:49:56.865Z","fixed_in":"3.5.2"},{"id":92508,"title":"WordPress File Upload Unspecified Path Disclosure","osvdb":"94788","created_at":"2014-08-01T10:49:56.946Z","updated_at":"2014-08-01T10:49:56.946Z","fixed_in":"3.5.2"},{"id":92509,"title":"WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure","osvdb":"94789","created_at":"2014-08-01T10:49:57.090Z","updated_at":"2014-08-01T10:49:57.090Z","fixed_in":"3.5.2"},{"id":92510,"title":"WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation","osvdb":"94783","created_at":"2014-08-01T10:49:57.166Z","updated_at":"2014-08-01T10:49:57.166Z","fixed_in":"3.5.2"},{"id":92511,"title":"WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)","osvdb":"94784","created_at":"2014-08-01T10:49:57.247Z","updated_at":"2014-08-01T10:49:57.247Z","fixed_in":"3.5.2"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.5":{"vulnerabilities":[{"id":92504,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-08-01T10:49:56.671Z","updated_at":"2014-08-01T10:49:56.671Z","fixed_in":"3.5.2"},{"id":92512,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-08-01T10:49:57.530Z","updated_at":"2014-08-01T10:49:57.530Z","fixed_in":"3.5.2"},{"id":92513,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-08-01T10:49:57.599Z","updated_at":"2014-08-01T10:49:57.599Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92516,"title":"Shortcodes / Post Content Multiple Unspecified XSS","url":"http://www.securityfocus.com/bid/57554,http://securitytracker.com/id?1028045","osvdb":"89576","cve":"2013-0236","secunia":"51967","created_at":"2014-08-01T10:49:57.838Z","updated_at":"2014-08-01T10:49:57.838Z","fixed_in":"3.5.1"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.5.1"}]}},{"3.4.2":{"vulnerabilities":[{"id":92504,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-08-01T10:49:56.671Z","updated_at":"2014-08-01T10:49:56.671Z","fixed_in":"3.5.2"},{"id":92512,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-08-01T10:49:57.530Z","updated_at":"2014-08-01T10:49:57.530Z","fixed_in":"3.5.2"},{"id":92513,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-08-01T10:49:57.599Z","updated_at":"2014-08-01T10:49:57.599Z"},{"id":92517,"title":"WordPress 3.4.2 Cross Site Request Forgery","url":"http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html","created_at":"2014-08-01T10:49:58.194Z","updated_at":"2014-08-01T10:49:58.194Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.5.1"}]}},{"3.4.1":{"vulnerabilities":[{"id":92504,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-08-01T10:49:56.671Z","updated_at":"2014-08-01T10:49:56.671Z","fixed_in":"3.5.2"},{"id":92512,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-08-01T10:49:57.530Z","updated_at":"2014-08-01T10:49:57.530Z","fixed_in":"3.5.2"},{"id":92513,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-08-01T10:49:57.599Z","updated_at":"2014-08-01T10:49:57.599Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.5.1"}]}},{"3.4":{"vulnerabilities":[{"id":92504,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":"http://seclists.org/fulldisclosure/2013/Jul/70","osvdb":"95060","created_at":"2014-08-01T10:49:56.671Z","updated_at":"2014-08-01T10:49:56.671Z","fixed_in":"3.5.2"},{"id":92512,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":"http://seclists.org/fulldisclosure/2013/Jun/65","osvdb":"94235","cve":"2013-2173","secunia":"53676","created_at":"2014-08-01T10:49:57.530Z","updated_at":"2014-08-01T10:49:57.530Z","fixed_in":"3.5.2"},{"id":92513,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-08-01T10:49:57.599Z","updated_at":"2014-08-01T10:49:57.599Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.5.1"}]}},{"3.4-beta4":{"vulnerabilities":[{"id":92513,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-08-01T10:49:57.599Z","updated_at":"2014-08-01T10:49:57.599Z"},{"id":92518,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-08-01T10:49:59.704Z","updated_at":"2014-08-01T10:49:59.704Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.5.1"}]}},{"3.3.3":{"vulnerabilities":[{"id":92513,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-08-01T10:49:57.599Z","updated_at":"2014-08-01T10:49:57.599Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.5.1"},{"id":92569,"title":"Theme My Login 6.3.9 - Local File Inclusion","url":"http://packetstormsecurity.com/files/127302/,http://seclists.org/fulldisclosure/2014/Jun/172,http://www.securityfocus.com/bid/68254,https://security.dxw.com/advisories/lfi-in-theme-my-login/","osvdb":"108517","created_at":"2014-08-01T10:50:39.792Z","updated_at":"2014-09-09T09:02:27.460Z"}]}},{"3.3.2":{"vulnerabilities":[{"id":92513,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":"https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","created_at":"2014-08-01T10:49:57.599Z","updated_at":"2014-08-01T10:49:57.599Z"},{"id":92518,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-08-01T10:49:59.704Z","updated_at":"2014-08-01T10:49:59.704Z"},{"id":92519,"title":"WordPress 3.3.2 Cross Site Scripting","url":"http://packetstormsecurity.org/files/113254","created_at":"2014-08-01T10:50:00.571Z","updated_at":"2014-08-01T10:50:00.571Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":92492,"title":"Plupload Unspecified XSS","osvdb":"105622","secunia":"57769","created_at":"2014-08-01T10:49:55.588Z","updated_at":"2014-08-01T10:49:55.588Z","fixed_in":"3.5.1"}]}},{"3.3.1":{"vulnerabilities":[{"id":92523,"title":"Multiple vulnerabilities including XSS and Privilege Escalation","url":"http://wordpress.org/news/2012/04/wordpress-3-3-2/","created_at":"2014-08-01T10:50:01.103Z","updated_at":"2014-08-01T10:50:01.103Z"},{"id":92524,"title":"Wordpress 3.3.1 - Multiple CSRF Vulnerabilities","exploitdb":"18791","created_at":"2014-08-01T10:50:01.159Z","updated_at":"2014-08-01T10:50:01.159Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.3":{"vulnerabilities":[{"id":92526,"title":"Reflected Cross-Site Scripting in WordPress 3.3","url":"http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html","created_at":"2014-08-01T10:50:01.733Z","updated_at":"2014-08-01T10:50:01.733Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.2.1":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.2":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.1.4":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.1.3":{"vulnerabilities":[{"id":92527,"title":"wp-admin/link-manager.php Multiple Parameter SQL Injection","osvdb":"73723","secunia":"45099","exploitdb":"17465","created_at":"2014-08-01T10:50:03.848Z","updated_at":"2014-08-01T10:50:03.848Z","fixed_in":"3.1.4"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.1.2":{"vulnerabilities":[{"id":92528,"title":"Wordpress \u003c= 3.1.2 Clickjacking Vulnerability","url":"http://seclists.org/fulldisclosure/2011/Sep/219,http://www.securityfocus.com/bid/49730","created_at":"2014-08-01T10:50:04.408Z","updated_at":"2014-08-01T10:50:04.408Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.1.1":{"vulnerabilities":[{"id":92529,"title":"WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS","osvdb":"72142","created_at":"2014-08-01T10:50:04.943Z","updated_at":"2014-08-01T10:50:04.943Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.1":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.0.6":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.0.5":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92530,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-08-01T10:50:06.719Z","updated_at":"2014-08-01T10:50:06.719Z","fixed_in":"3.0.6"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.0.4":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92530,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-08-01T10:50:06.719Z","updated_at":"2014-08-01T10:50:06.719Z","fixed_in":"3.0.6"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.0.3":{"vulnerabilities":[{"id":92531,"title":"SQL injection vulnerability in do_trackbacks() Wordpress function","exploitdb":"15684","created_at":"2014-08-01T10:50:07.680Z","updated_at":"2014-08-01T10:50:07.680Z"},{"id":92532,"title":"Wordpress 3.0.3 stored XSS IE7,6 NS8.1","exploitdb":"15858","created_at":"2014-08-01T10:50:07.740Z","updated_at":"2014-08-01T10:50:07.740Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92530,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-08-01T10:50:06.719Z","updated_at":"2014-08-01T10:50:06.719Z","fixed_in":"3.0.6"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.0.2":{"vulnerabilities":[{"id":92533,"title":"WordPress XML-RPC Interface Access Restriction Bypass","osvdb":"69761","created_at":"2014-08-01T10:50:08.347Z","updated_at":"2014-08-01T10:50:08.347Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92530,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-08-01T10:50:06.719Z","updated_at":"2014-08-01T10:50:06.719Z","fixed_in":"3.0.6"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.0.1":{"vulnerabilities":[{"id":92534,"title":"WordPress: Information Disclosure via SQL Injection Attack","url":"http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/","created_at":"2014-08-01T10:50:09.017Z","updated_at":"2014-08-01T10:50:09.017Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92530,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-08-01T10:50:06.719Z","updated_at":"2014-08-01T10:50:06.719Z","fixed_in":"3.0.6"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"}]}},{"3.0":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92530,"title":"wp-admin/press-this.php - Privilege Escalation","cve":"2011-5270","created_at":"2014-08-01T10:50:06.719Z","updated_at":"2014-08-01T10:50:06.719Z","fixed_in":"3.0.6"},{"id":92520,"title":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php","cve":"2012-6633","created_at":"2014-08-01T10:50:00.759Z","updated_at":"2014-08-01T10:50:00.759Z","fixed_in":"3.3.3"},{"id":92521,"title":"wp-admin/media-upload.php sensitive information disclosure or bypass","cve":"2012-6634","created_at":"2014-08-01T10:50:00.829Z","updated_at":"2014-08-01T10:50:00.829Z","fixed_in":"3.3.3"},{"id":92522,"title":"wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":"2012-6635","created_at":"2014-08-01T10:50:00.896Z","updated_at":"2014-08-01T10:50:00.896Z","fixed_in":"3.3.3"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0.1"},{"id":92496,"title":"Crafted String URL Redirect Restriction Bypass","url":"http://packetstormsecurity.com/files/123589/,http://core.trac.wordpress.org/changeset/25323,http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609","osvdb":"97212","cve":"2013-4339","secunia":"54803","exploitdb":"28958","created_at":"2014-08-01T10:49:56.135Z","updated_at":"2014-08-01T10:49:56.135Z","fixed_in":"3.6.1"},{"id":94053,"title":"testing","created_at":"2014-09-04T07:40:43.618Z","updated_at":"2014-09-04T07:40:43.618Z"},{"id":94060,"title":"before_save :ensure_has_an_asset","created_at":"2014-09-04T10:23:40.479Z","updated_at":"2014-09-04T10:29:41.654Z"},{"id":94061,"title":"ensure has an asset 1","url":"http://www.example.com","created_at":"2014-09-04T10:30:43.530Z","updated_at":"2014-09-04T10:30:43.530Z"},{"id":94062,"title":"testing ","url":"http://www.example.com","created_at":"2014-09-05T09:28:40.038Z","updated_at":"2014-09-05T09:28:40.038Z"},{"id":92569,"title":"Theme My Login 6.3.9 - Local File Inclusion","url":"http://packetstormsecurity.com/files/127302/,http://seclists.org/fulldisclosure/2014/Jun/172,http://www.securityfocus.com/bid/68254,https://security.dxw.com/advisories/lfi-in-theme-my-login/","osvdb":"108517","created_at":"2014-08-01T10:50:39.792Z","updated_at":"2014-09-09T09:02:27.460Z"}]}},{"2.9.2":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.9.1":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.9":{"vulnerabilities":[{"id":92540,"title":"WordPress 2.9 Failure to Restrict URL Access","exploitdb":"11441","created_at":"2014-08-01T10:50:12.326Z","updated_at":"2014-08-01T10:50:12.326Z"},{"id":92541,"title":"Wordpress DOS \u003c= 2.9","exploitdb":"11441","created_at":"2014-08-01T10:50:12.387Z","updated_at":"2014-08-01T10:50:12.387Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.8.6":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.8.5":{"vulnerabilities":[{"id":92542,"title":"WordPress \u003c= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution","exploitdb":"10089","created_at":"2014-08-01T10:50:13.705Z","updated_at":"2014-08-01T10:50:13.705Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.8.4":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.8.3":{"vulnerabilities":[{"id":92543,"title":"Wordpress \u003c= 2.8.3 Remote Admin Reset Password Vulnerability","exploitdb":"9410","created_at":"2014-08-01T10:50:14.981Z","updated_at":"2014-08-01T10:50:14.981Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.8.2":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.8.1":{"vulnerabilities":[{"id":92544,"title":"Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit","exploitdb":"9250","created_at":"2014-08-01T10:50:16.187Z","updated_at":"2014-08-01T10:50:16.187Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.8":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.7.1":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.7":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.6.5":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.6.4":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.6.3":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.6.2":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.6.1":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92546,"title":"Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit","exploitdb":"6421","created_at":"2014-08-01T10:50:21.009Z","updated_at":"2014-08-01T10:50:21.009Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.6":{"vulnerabilities":[{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.5.1":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.5":{"vulnerabilities":[{"id":92547,"title":"Wordpress 2.5 Cookie Integrity Protection Vulnerability","url":"http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded","cve":"2008-1930","created_at":"2014-08-01T10:50:22.945Z","updated_at":"2014-08-01T10:50:22.945Z"},{"id":92525,"title":"XSS vulnerability in swfupload in WordPress","url":"http://seclists.org/fulldisclosure/2012/Nov/51","created_at":"2014-08-01T10:50:01.218Z","updated_at":"2014-08-01T10:50:01.218Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.3.3":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.3.2":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.3.1":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92548,"title":"Wordpress \u003c= 2.3.1 Charset Remote SQL Injection Vulnerability","exploitdb":"4721","created_at":"2014-08-01T10:50:24.865Z","updated_at":"2014-08-01T10:50:24.865Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.3":{"vulnerabilities":[{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.2.3":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.2.2":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.2.1":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.2":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92549,"title":"WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit","exploitdb":"4113","created_at":"2014-08-01T10:50:27.686Z","updated_at":"2014-08-01T10:50:27.686Z"},{"id":92550,"title":"Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit","exploitdb":"4039","created_at":"2014-08-01T10:50:27.746Z","updated_at":"2014-08-01T10:50:27.746Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.1.3":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92551,"title":"Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit","exploitdb":"3960","created_at":"2014-08-01T10:50:28.508Z","updated_at":"2014-08-01T10:50:28.508Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.1.2":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92552,"title":"WordPress \"year\" Cross-Site Scripting Vulnerability","url":"http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded","secunia":"24485","created_at":"2014-08-01T10:50:29.216Z","updated_at":"2014-08-01T10:50:29.216Z"},{"id":92553,"title":"Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit","exploitdb":"3656","created_at":"2014-08-01T10:50:29.271Z","updated_at":"2014-08-01T10:50:29.271Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.1.1":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92554,"title":"WordPress Command Execution and PHP Injection","url":"http://www.securityfocus.com/bid/22797,http://xforce.iss.net/xforce/xfdb/32807","cve":"2007-1277","secunia":"24374","created_at":"2014-08-01T10:50:29.871Z","updated_at":"2014-08-01T10:50:29.871Z","fixed_in":"2.1.2"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.1":{"vulnerabilities":[{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.11":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.10":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.9":{"vulnerabilities":[{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.8":{"vulnerabilities":[{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.7":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.6":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92555,"title":"Wordpress \u003c= 2.0.6 wp-trackback.php Remote SQL Injection Exploit","exploitdb":"3109","created_at":"2014-08-01T10:50:33.964Z","updated_at":"2014-08-01T10:50:33.964Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.5":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92556,"title":"Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit","exploitdb":"3095","created_at":"2014-08-01T10:50:34.576Z","updated_at":"2014-08-01T10:50:34.576Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.4":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92557,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-08-01T10:50:35.282Z","updated_at":"2014-08-01T10:50:35.282Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.3":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92557,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-08-01T10:50:35.282Z","updated_at":"2014-08-01T10:50:35.282Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.2":{"vulnerabilities":[{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92558,"title":"WordPress \u003c= 2.0.2 (cache) Remote Shell Injection Exploit","exploitdb":"6","created_at":"2014-08-01T10:50:36.381Z","updated_at":"2014-08-01T10:50:36.381Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92557,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":"http://www.securityfocus.com/bid/18779","created_at":"2014-08-01T10:50:35.282Z","updated_at":"2014-08-01T10:50:35.282Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0.1":{"vulnerabilities":[{"id":92559,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-08-01T10:50:36.975Z","updated_at":"2014-08-01T10:50:36.975Z","fixed_in":"2.0.2"},{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"2.0":{"vulnerabilities":[{"id":92559,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-08-01T10:50:36.975Z","updated_at":"2014-08-01T10:50:36.975Z","fixed_in":"2.0.2"},{"id":92545,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":"http://www.securityfocus.com/bid/35584/","created_at":"2014-08-01T10:50:17.405Z","updated_at":"2014-08-01T10:50:17.405Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"},{"id":92535,"title":"wp-includes/comment.php bypass intended spam restrictions via a crafted URL","osvdb":"104693","cve":"2010-5293","created_at":"2014-08-01T10:50:09.640Z","updated_at":"2014-08-01T10:50:09.640Z","fixed_in":"3.0.2"},{"id":92536,"title":"Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php","cve":"2010-5294","created_at":"2014-08-01T10:50:09.725Z","updated_at":"2014-08-01T10:50:09.725Z","fixed_in":"3.0.2"},{"id":92537,"title":"Cross-site scripting (XSS) in wp-admin/plugins.php","cve":"2010-5295","created_at":"2014-08-01T10:50:09.798Z","updated_at":"2014-08-01T10:50:09.798Z","fixed_in":"3.0.2"},{"id":92538,"title":"wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","cve":"2010-5296","created_at":"2014-08-01T10:50:09.874Z","updated_at":"2014-08-01T10:50:09.874Z","fixed_in":"3.0.2"},{"id":92539,"title":"Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action","osvdb":"104691","cve":"2010-5297","created_at":"2014-08-01T10:50:10.902Z","updated_at":"2014-08-01T10:50:10.902Z","fixed_in":"3.0"}]}},{"1.5.2":{"vulnerabilities":[{"id":92559,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-08-01T10:50:36.975Z","updated_at":"2014-08-01T10:50:36.975Z","fixed_in":"2.0.2"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"}]}},{"1.5.1.3":{"vulnerabilities":[{"id":92559,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-08-01T10:50:36.975Z","updated_at":"2014-08-01T10:50:36.975Z","fixed_in":"2.0.2"},{"id":92560,"title":"Wordpress \u003c= 1.5.1.3 Remote Code Execution eXploit (metasploit)","exploitdb":"1145","created_at":"2014-08-01T10:50:38.511Z","updated_at":"2014-08-01T10:50:38.511Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"}]}},{"1.5.1.2":{"vulnerabilities":[{"id":92559,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-08-01T10:50:36.975Z","updated_at":"2014-08-01T10:50:36.975Z","fixed_in":"2.0.2"},{"id":92561,"title":"Wordpress \u003c= 1.5.1.2 xmlrpc Interface SQL Injection Exploit","osvdb":"17636,17637,17638,17639,17640,17641","cve":"2005-2108","secunia":"15831,15898","exploitdb":"1077","created_at":"2014-08-01T10:50:38.758Z","updated_at":"2014-08-01T10:50:38.758Z","fixed_in":"1.5.1.3"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"}]}},{"1.5.1.1":{"vulnerabilities":[{"id":92559,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-08-01T10:50:36.975Z","updated_at":"2014-08-01T10:50:36.975Z","fixed_in":"2.0.2"},{"id":92562,"title":"WordPress \u003c= 1.5.1.1 \"add new admin\" SQL Injection Exploit","exploitdb":"1059","created_at":"2014-08-01T10:50:39.012Z","updated_at":"2014-08-01T10:50:39.012Z"},{"id":92563,"title":"WordPress \u003c= 1.5.1.1 SQL Injection Exploit","exploitdb":"1033","created_at":"2014-08-01T10:50:39.068Z","updated_at":"2014-08-01T10:50:39.068Z"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"}]}},{"1.5.1":{"vulnerabilities":[{"id":92559,"title":"Wordpress wp-register.php Multiple Parameter XSS","osvdb":"38577","created_at":"2014-08-01T10:50:36.975Z","updated_at":"2014-08-01T10:50:36.975Z","fixed_in":"2.0.2"},{"id":92514,"title":"XMLRPC Pingback API Internal/External Port Scanning","url":"https://github.com/FireFart/WordpressPingbackPortScanner","created_at":"2014-08-01T10:49:57.659Z","updated_at":"2014-08-01T10:49:57.659Z"},{"id":92515,"title":"WordPress XMLRPC pingback additional issues","url":"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","created_at":"2014-08-01T10:49:57.716Z","updated_at":"2014-08-01T10:49:57.716Z"}]}},{"1.5":{"vulnerabilities":[{"id":92564,"title":"WordPress wp-trackback.php tb_id Parameter SQL Injection","osvdb":"16701,16702,16703","cve":"2005-1687","created_at":"2014-08-01T10:50:39.485Z","updated_at":"2014-08-01T10:50:39.485Z","fixed_in":"1.5.1"},{"id":92565,"title":"WordPress post.php p Parameter XSS","osvdb":"16702,16701,16703","created_at":"2014-08-01T10:50:39.546Z","updated_at":"2014-08-01T10:50:39.546Z","fixed_in":"1.5.1"},{"id":92566,"title":"WordPress Multiple Script Direct Request Path Disclosure","osvdb":"16703,16701,16702","cve":"2005-1688","created_at":"2014-08-01T10:50:39.607Z","updated_at":"2014-08-01T10:50:39.607Z","fixed_in":"1.5.1"},{"id":92567,"title":"WordPress Cross-Site Scripting and SQL Injection Vulnerabilities","osvdb":"16478","secunia":"15324","created_at":"2014-08-01T10:50:39.670Z","updated_at":"2014-08-01T10:50:39.670Z","fixed_in":"1.5.1"},{"id":92568,"title":"WordPress template-functions-post.php Multiple Field XSS","osvdb":"15643","cve":"2005-1102","created_at":"2014-08-01T10:50:39.730Z","updated_at":"2014-08-01T10:50:39.730Z"}]}}] |