Information on source package wordpress

Available versions

Release  Version
squeeze  3.0.5+dfsg-0+squeeze1
wheezy, sid  3.3.2+dfsg-1
squeeze  3.3.2+dfsg-1~squeeze1

Open issues

Bug  Description
CVE-2011-4898  ** DISPUTED ** wp-admin/setup-config.php in the installation component ...
CVE-2011-4899  ** DISPUTED ** wp-admin/setup-config.php in the installation component ...
CVE-2012-0782  ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...

Open unimportant issues

Bug  Description
CVE-2006-0733  ** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...
CVE-2008-0191  WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...
CVE-2012-0937  ** DISPUTED ** wp-admin/setup-config.php in the installation component ...
TEMP-0500295-A176F7  possible script injection via /etc/wordpress/wp-config.php

Resolved issues

Bug  Description
CVE-2004-1559  Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...
CVE-2004-1584  CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...
CVE-2005-1687  SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...
CVE-2005-1688  Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...
CVE-2005-1810  SQL injection vulnerability in template-functions-category.php in ...
CVE-2005-2107  Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...
CVE-2005-2108  SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...
CVE-2005-2109  wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...
CVE-2005-2110  WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...
CVE-2005-2612  Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...
CVE-2005-3330  The _httpsrequest function in Snoopy 1.2, as used in products such as ...
CVE-2005-4463  WordPress before 1.5.2 allows remote attackers to obtain sensitive ...
CVE-2005-4600  Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...
CVE-2006-0985  Multiple cross-site scripting (XSS) vulnerabilities in the "post ...
CVE-2006-0986  WordPress 2.0.1 and earlier allows remote attackers to obtain ...
CVE-2006-1012  SQL injection vulnerability in WordPress 1.5.2, and possibly other ...
CVE-2006-1263  Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in ...
CVE-2006-1796  Cross-site scripting (XSS) vulnerability in the paging links ...
CVE-2006-2667  Direct static code injection vulnerability in WordPress 2.0.2 and ...
CVE-2006-2702  vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...
CVE-2006-3389  index.php in WordPress 2.0.3 allows remote attackers to obtain ...
CVE-2006-3390  WordPress 2.0.3 allows remote attackers to obtain the installation ...
CVE-2006-4028  Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...
CVE-2006-4208  Directory traversal vulnerability in wp-db-backup.php in Skippy ...
CVE-2006-4743  WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...
CVE-2006-5705  Multiple directory traversal vulnerabilities in ...
CVE-2006-6016  wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...
CVE-2006-6017  WordPress before 2.0.5 does not properly store a profile containing a ...
CVE-2006-6808  Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...
CVE-2007-0106  Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...
CVE-2007-0107  WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...
CVE-2007-0109  wp-login.php in WordPress 2.0.5 and earlier displays different error ...
CVE-2007-0233  wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...
CVE-2007-0262  WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...
CVE-2007-0539  The wp_remote_fopen function in WordPress before 2.1 allows remote ...
CVE-2007-0540  WordPress allows remote attackers to cause a denial of service ...
CVE-2007-0541  WordPress allows remote attackers to determine the existence of ...
CVE-2007-1049  Cross-site scripting (XSS) vulnerability in the wp_explain_nonce ...
CVE-2007-1230  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2007-1244  Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...
CVE-2007-1277  WordPress 2.1.1, as downloaded from some official distribution sites ...
CVE-2007-1409  WordPress allows remote attackers to obtain sensitive information via ...
CVE-2007-1599  wp-login.php in WordPress allows remote attackers to redirect ...
CVE-2007-1622  Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...
CVE-2007-1732  ** DISPUTED ** ...
CVE-2007-1893  xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...
CVE-2007-1894  Cross-site scripting (XSS) vulnerability in ...
CVE-2007-1897  SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...
CVE-2007-2383  The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...
CVE-2007-2627  Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...
CVE-2007-2714  Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...
CVE-2007-2821  SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...
CVE-2007-3140  SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...
CVE-2007-3215  PHPMailer 1.7, when configured to use sendmail, allows remote ...
CVE-2007-3238  Cross-site scripting (XSS) vulnerability in functions.php in the ...
CVE-2007-3543  Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...
CVE-2007-3544  Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...
CVE-2007-3639  WordPress before 2.2.2 allows remote attackers to redirect visitors to ...
CVE-2007-4153  Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...
CVE-2007-4154  SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...
CVE-2007-4165  Cross-site scripting (XSS) vulnerability in index.php in the Blue ...
CVE-2007-4483  Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...
CVE-2007-4893  wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress ...
CVE-2007-4894  Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and ...
CVE-2007-5105  Cross-site scripting (XSS) vulnerability in wp-register.php in ...
CVE-2007-5106  Cross-site scripting (XSS) vulnerability in wp-register.php in ...
CVE-2007-5710  Cross-site scripting (XSS) vulnerability in ...
CVE-2007-6013  Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...
CVE-2007-6318  SQL injection vulnerability in wp-includes/query.php in WordPress ...
CVE-2008-0192  Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...
CVE-2008-0193  Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...
CVE-2008-0194  Directory traversal vulnerability in wp-db-backup.php in WordPress ...
CVE-2008-0195  WordPress 2.0.11 and earlier allows remote attackers to obtain ...
CVE-2008-0196  Multiple directory traversal vulnerabilities in WordPress 2.0.11 and ...
CVE-2008-0664  The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...
CVE-2008-1304  Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...
CVE-2008-1502  The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...
CVE-2008-1930  The cookie authentication method in WordPress 2.5 relies on a hash of ...
CVE-2008-2068  Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows ...
CVE-2008-2146  wp-includes/vars.php in Wordpress before 2.2.3 does not properly ...
CVE-2008-2392  Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...
CVE-2008-3233  Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...
CVE-2008-3747  The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...
CVE-2008-4106  WordPress before 2.6.2 does not properly handle MySQL warnings about ...
CVE-2008-4671  Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...
CVE-2008-4769  Directory traversal vulnerability in the get_category_template ...
CVE-2008-4796  The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...
CVE-2008-5113  WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...
CVE-2008-5278  Cross-site scripting (XSS) vulnerability in the self_link function in ...
CVE-2008-5695  wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...
CVE-2008-6762  Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...
CVE-2008-6767  wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...
CVE-2008-7220  Unspecified vulnerability in Prototype JavaScript framework ...
CVE-2009-2334  wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...
CVE-2009-2335  WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...
CVE-2009-2336  The forgotten mail interface in WordPress and WordPress MU before ...
CVE-2009-2431  WordPress 2.7.1 places the username of a post's author in an HTML ...
CVE-2009-2432  WordPress and WordPress MU before 2.8.1 allow remote attackers to ...
CVE-2009-2762  wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...
CVE-2009-2851  Cross-site scripting (XSS) vulnerability in the administrator ...
CVE-2009-2853  Wordpress before 2.8.3 allows remote attackers to gain privileges via ...
CVE-2009-2854  Wordpress before 2.8.3 does not check capabilities for certain ...
CVE-2009-3622  Algorithmic complexity vulnerability in wp-trackback.php in WordPress ...
CVE-2009-3890  Unrestricted file upload vulnerability in the wp_check_filetype ...
CVE-2009-3891  Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...
CVE-2010-0682  WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...
CVE-2010-1619  Cross-site scripting (XSS) vulnerability in the ...
CVE-2010-2230  The KSES text cleaning filter in lib/weblib.php in Moodle before ...
CVE-2010-4257  SQL injection vulnerability in the do_trackbacks function in ...
CVE-2010-4536  Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...
CVE-2011-0700  Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...
CVE-2011-0701  wp-admin/async-upload.php in the media uploader in WordPress before ...
CVE-2011-3122  Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...
CVE-2011-3125  Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...
CVE-2011-3126  WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote ...
CVE-2011-3127  WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent ...
CVE-2011-3128  WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached ...
CVE-2011-3129  The file upload functionality WordPress 3.1 before 3.1.3 and 3.2 ...
CVE-2011-3130  wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...
CVE-2011-4956
CVE-2011-4957
CVE-2012-0287  Cross-site scripting (XSS) vulnerability in wp-comments-post.php in ...
CVE-2012-2399  Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in ...
CVE-2012-2400  Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...
CVE-2012-2401  Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...
CVE-2012-2402  wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...
CVE-2012-2403  wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...
CVE-2012-2404  wp-comments-post.php in WordPress before 3.3.2 supports offsite ...
TEMP-0000000-0CA7E3  XSS in press-this of wordpress
TEMP-0369014-6AE03E  'Cache' shell injection vulnerability
TEMP-0407116-23D9EF  wordpress unregister_globals workaround from 2.0.7
TEMP-0606657-A0D78A  wordpress: insufficient permissions verification on XMLRPC interface

Security announcements

DSA  Description
DSA-2470-1  wordpress - several
DSA-2190-1  wordpress - several
DSA-2138-1  wordpress - SQL injection
DSA-1871-2  wordpress - regression fix
DSA-1871-1  wordpress - several vulnerabilities
DSA-1601-1  wordpress - several vulnerabilities
DSA-1564-1  wordpress - several vulnerabilities
DSA-1502-1  wordpress - multiple vulnerabilities
DSA-1285-1  wordpress
