Vendor Dictionary: WordPress

WordPress

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	http://wordpress.org [visit link]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]
Full Details...

Vulnerabilities by Vendor Product

WordPress

WordPress

: 1.5.1

Word Press: 1.5; 1.3; 1.2.x; 1.1.x; 1.0

Anti-Spam Plugin: 2.0; OSVDB ID: 58126 Anti-Spam Spinoff Plugin for WordPress Audio Clip Concatenation Weakness CAPTCHA Bypass

WordPress: 0.71; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 4609 WordPress blog.header.php Multiple Parameter SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 0.70; OSVDB ID: 4610 WordPress blog.header.php posts Parameter SQL Injection; OSVDB ID: 4611 WordPress links.all.php abspath Parameter Remote File Inclusion; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.5; OSVDB ID: 16436 WordPress RSS/Atom Feed Password Protected Entry Disclosure; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 16701 WordPress wp-trackback.php tb_id Parameter SQL Injection; OSVDB ID: 16476 WordPress wp-login.php Arbitrary User Password Modification; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0; OSVDB ID: 27633 WordPress Multiple Unspecified Issues; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 38577 Wordpress wp-register.php Multiple Parameter XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0.2; OSVDB ID: 25935 WordPress PC_REMOTE_ADDR vars.php IP Spoofing; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; OSVDB ID: 25777 WordPress User Profile Cache Injection Arbitrary PHP Code Injection; 2.2.1; OSVDB ID: 39377 Wordpress options-misc.php page_options Parameter SQL Injection; OSVDB ID: 37293 WordPress Default Theme functions.php XSS; OSVDB ID: 39373 Wordpress options-reading.php page_options Parameter SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.3.1; OSVDB ID: 39518 WordPress index.php wp-admin/ Unauthorized Draft Information Disclosure; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.1.x; OSVDB ID: 34349 WordPress Search Function SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0.5; OSVDB ID: 33397 WordPress CSRF Protection Scheme XSS; OSVDB ID: 31578 WordPress templates.php file Parameter XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.2.2; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; OSVDB ID: 10595 WordPress wp-login.php HTTP Response Splitting; 0.6.2.1; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 0.6.2; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0.1; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 38577 Wordpress wp-register.php Multiple Parameter XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.5.2; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.5; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 16702 WordPress post.php p Parameter XSS; OSVDB ID: 16703 WordPress Multiple Script Direct Request Path Disclosure; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.2.2; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.2.1; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.2; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 0.71; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 0.7; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.5.1.3; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.5.1.2; OSVDB ID: 31646 Wordpress Multiple Unspecified XSS; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0.3; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0.4; OSVDB ID: 31579 WordPress Multibyte Charset SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.2; OSVDB ID: 41037 WP-Footnotes Plugin for WordPress admin_panel.php Multiple Parameter XSS; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.3.2; OSVDB ID: 41136 WordPress XML-RPC xmlrpc.php Unauthenticated Post Modification; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.1.3; OSVDB ID: 34352 WordPress Pingback Large File Handling DoS; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.7.4; OSVDB ID: 40378 WP-Forum Plugin for WordPress index.php user Parameter SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.x; OSVDB ID: 36311 WordPress wp-admin/admin-ajax.php cookie Parameter SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.x; OSVDB ID: 41858 WP Photo Album Plugin for WordPress index.php photo Parameter SQL Injection; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0.11; OSVDB ID: 43560 WordPress /wp-admin/themes.php page Parameter Traversal Arbitrary File Access; OSVDB ID: 43564 WordPress /wp-admin/admin.php Multiple Parameter Traversal Arbitrary File Access; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.0.11; OSVDB ID: 43561 WordPress /wp-admin/link-manager.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43562 WordPress /wp-admin/options-discussion.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43563 WordPress /wp-admin/user-edit.php page Parameter Traversal Arbitrary File Access; 2.0.11; 2.0.11; OSVDB ID: 43565 WordPress /wp-admin/edit-comments.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43566 WordPress /wp-admin/profile.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43567 WordPress /wp-admin/cat-js.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43568 WordPress /wp-admin/post.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43569 WordPress /wp-admin/moderation.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43570 WordPress /wp-admin/categories.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43571 WordPress /wp-admin/edit-pages.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43572 WordPress /wp-admin/templates.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43573 WordPress /wp-admin/theme-editor.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43574 WordPress /wp-admin/link-import.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43575 WordPress /wp-admin/link-categories.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43576 WordPress /wp-admin/index.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43577 WordPress /wp-admin/page-new.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43578 WordPress /wp-admin/options-writing.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43579 WordPress /wp-admin/profile-update.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43580 WordPress /wp-admin/options-general.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43581 WordPress /wp-admin/users.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43582 WordPress /wp-admin/plugin-editor.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43583 WordPress /wp-admin/import.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43584 WordPress /wp-admin/options-misc.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43585 WordPress /wp-admin/options-reading.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43586 WordPress /wp-admin/edit.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43587 WordPress /wp-admin/sidebar.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43588 WordPress /wp-admin/options.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43589 WordPress /wp-admin/inline-uploading.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43590 WordPress /wp-admin/bookmarklet.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43591 WordPress /wp-admin/admin.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43592 WordPress /wp-admin/options-permalink.php page Parameter Traversal Arbitrary File Access; 2.0.11; OSVDB ID: 43593 WordPress /wp-admin/link-add.php page Parameter Traversal Arbitrary File Access; 2.5.1; OSVDB ID: 45485 WordPress Dashboard Write Tabs Upload Section Unrestricted File Upload; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.0; OSVDB ID: 16701 WordPress wp-trackback.php tb_id Parameter SQL Injection; OSVDB ID: 16702 WordPress post.php p Parameter XSS; OSVDB ID: 16703 WordPress Multiple Script Direct Request Path Disclosure; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.1.x; OSVDB ID: 16701 WordPress wp-trackback.php tb_id Parameter SQL Injection; OSVDB ID: 16702 WordPress post.php p Parameter XSS; OSVDB ID: 16703 WordPress Multiple Script Direct Request Path Disclosure; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.2.x; OSVDB ID: 16701 WordPress wp-trackback.php tb_id Parameter SQL Injection; OSVDB ID: 16702 WordPress post.php p Parameter XSS; OSVDB ID: 16703 WordPress Multiple Script Direct Request Path Disclosure; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.3; OSVDB ID: 16701 WordPress wp-trackback.php tb_id Parameter SQL Injection; OSVDB ID: 16702 WordPress post.php p Parameter XSS; OSVDB ID: 16703 WordPress Multiple Script Direct Request Path Disclosure; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 1.5.1; OSVDB ID: 23266 WordPress wp-comments-post.php Author's Website Field XSS; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.1.1; OSVDB ID: 33908 WordPress wp-includes/feed.php ix Variable Arbitrary Command Execution; OSVDB ID: 33909 WordPress wp-includes/theme.php iz Variable Arbitrary Command Execution; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.8.3; OSVDB ID: 56971 WordPress wp-login.php key Parameter Remote Administrator Password Reset; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.8.2; OSVDB ID: 56971 WordPress wp-login.php key Parameter Remote Administrator Password Reset; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.8.1; OSVDB ID: 56971 WordPress wp-login.php key Parameter Remote Administrator Password Reset; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure; 2.8; OSVDB ID: 56971 WordPress wp-login.php key Parameter Remote Administrator Password Reset; OSVDB ID: 58825 WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure

WordPress MU: 1.3.1; OSVDB ID: 41134 WordPress MU wp-admin/options.php Arbitrary PHP Code Upload / Execution

1.5.0: 1.5.0

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.