Information on source package wordpress

Available versions

ReleaseVersion
wheezy3.6.1+dfsg-1~deb7u10
wheezy (security)3.6.1+dfsg-1~deb7u19
jessie4.1+dfsg-1+deb8u14
jessie (security)4.1+dfsg-1+deb8u15
stretch4.7.5+dfsg-2
stretch (security)4.7.5+dfsg-2+deb9u1
buster4.8.3+dfsg-1
sid4.8.3+dfsg-1

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-9066fixedvulnerablefixedfixedfixedIn WordPress before 4.7.5, there is insufficient redirect validation in ...
CVE-2017-16510fixedvulnerablevulnerablefixedfixedWordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ...
CVE-2017-14990vulnerablefixedfixedfixedfixedWordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...
CVE-2016-5836fixedvulnerable (no DSA)fixedfixedfixedThe oEmbed protocol implementation in WordPress before 4.5.3 allows ...
CVE-2012-6707vulnerablevulnerablevulnerablevulnerablevulnerableWordPress through 4.8.2 uses a weak MD5-based password hashing ...

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
TEMP-0500295-A176F7vulnerablevulnerablevulnerablevulnerablevulnerablepossible script injection via /etc/wordpress/wp-config.php
CVE-2013-7233vulnerablevulnerablevulnerablevulnerablevulnerableCross-site request forgery (CSRF) vulnerability in the retrospam ...
CVE-2012-5868vulnerablevulnerablevulnerablevulnerablevulnerableWordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...
CVE-2012-0937vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** wp-admin/setup-config.php in the installation component ...
CVE-2012-0782vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2011-4899vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** wp-admin/setup-config.php in the installation component ...
CVE-2011-4898vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** wp-admin/setup-config.php in the installation component ...
CVE-2008-0191vulnerablevulnerablevulnerablevulnerablevulnerableWordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...
CVE-2006-0733vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...

Resolved issues

BugDescription
TEMP-0783347-AEABE2Some plugins were vulnerable to an SQL injection vulnerability
TEMP-0783347-555527files with invalid or unsafe names could be uploaded
TEMP-0407116-23D9EFwordpress unregister_globals workaround from 2.0.7
TEMP-0369014-6AE03E'Cache' shell injection vulnerability
TEMP-0000000-0CA7E3XSS in press-this of wordpress
CVE-2017-9065In WordPress before 4.7.5, there is a lack of capability checks for ...
CVE-2017-9064In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) ...
CVE-2017-9063In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...
CVE-2017-9062In WordPress before 4.7.5, there is improper handling of post meta data ...
CVE-2017-9061In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...
CVE-2017-8295WordPress through 4.7.4 relies on the Host HTTP header for a ...
CVE-2017-6819In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...
CVE-2017-6818In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is ...
CVE-2017-6817In WordPress before 4.7.3 (wp-includes/embed.php), there is ...
CVE-2017-6816In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...
CVE-2017-6815In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...
CVE-2017-6814In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...
CVE-2017-5612Cross-site scripting (XSS) vulnerability in ...
CVE-2017-5611SQL injection vulnerability in wp-includes/class-wp-query.php in ...
CVE-2017-5610wp-admin/includes/class-wp-press-this.php in Press This in WordPress ...
CVE-2017-5493wp-includes/ms-functions.php in the Multisite WordPress API in ...
CVE-2017-5492Cross-site request forgery (CSRF) vulnerability in the widget-editing ...
CVE-2017-5491wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ...
CVE-2017-5490Cross-site scripting (XSS) vulnerability in the theme-name fallback ...
CVE-2017-5489Cross-site request forgery (CSRF) vulnerability in WordPress before ...
CVE-2017-5488Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2017-5487wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in ...
CVE-2017-14726Before version 4.8.2, WordPress was vulnerable to a cross-site ...
CVE-2017-14725Before version 4.8.2, WordPress was susceptible to an open redirect ...
CVE-2017-14724Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...
CVE-2017-14723Before version 4.8.2, WordPress mishandled % characters and additional ...
CVE-2017-14722Before version 4.8.2, WordPress allowed a Directory Traversal attack in ...
CVE-2017-14721Before version 4.8.2, WordPress allowed Cross-Site scripting in the ...
CVE-2017-14720Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...
CVE-2017-14719Before version 4.8.2, WordPress was vulnerable to a directory traversal ...
CVE-2017-14718Before version 4.8.2, WordPress was susceptible to a Cross-Site ...
CVE-2017-1001000The register_routes function in ...
CVE-2016-9263WordPress through 4.8.2, when domain-based flashmediaelement.swf ...
CVE-2016-7169Directory traversal vulnerability in the File_Upload_Upgrader class in ...
CVE-2016-7168Cross-site scripting (XSS) vulnerability in the media_handle_upload ...
CVE-2016-6897Cross-site request forgery (CSRF) vulnerability in the ...
CVE-2016-6896Directory traversal vulnerability in the wp_ajax_update_plugin ...
CVE-2016-6635Cross-site request forgery (CSRF) vulnerability in the ...
CVE-2016-6634Cross-site scripting (XSS) vulnerability in the network settings page ...
CVE-2016-5839WordPress before 4.5.3 allows remote attackers to bypass the ...
CVE-2016-5838WordPress before 4.5.3 allows remote attackers to bypass intended ...
CVE-2016-5837WordPress before 4.5.3 allows remote attackers to bypass intended ...
CVE-2016-5835WordPress before 4.5.3 allows remote attackers to obtain sensitive ...
CVE-2016-5834Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ...
CVE-2016-5833Cross-site scripting (XSS) vulnerability in the column_title function ...
CVE-2016-5832The customizer in WordPress before 4.5.3 allows remote attackers to ...
CVE-2016-4566Cross-site scripting (XSS) vulnerability in plupload.flash.swf in ...
CVE-2016-4029WordPress before 4.5 does not consider octal and hexadecimal IP ...
CVE-2016-2222The wp_http_validate_url function in wp-includes/http.php in WordPress ...
CVE-2016-2221Open redirect vulnerability in the wp_validate_redirect function in ...
CVE-2016-1564Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2016-10148The wp_ajax_update_plugin function in ...
CVE-2015-8834Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in ...
CVE-2015-7989Cross-site scripting (XSS) vulnerability in the user list table in ...
CVE-2015-5734Cross-site scripting (XSS) vulnerability in the legacy theme preview ...
CVE-2015-5733Cross-site scripting (XSS) vulnerability in the ...
CVE-2015-5732Cross-site scripting (XSS) vulnerability in the form function in the ...
CVE-2015-5731Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php ...
CVE-2015-5730The sanitize_widget_instance function in ...
CVE-2015-5715The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in ...
CVE-2015-5714Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 ...
CVE-2015-5623WordPress before 4.2.3 does not properly verify the edit_posts ...
CVE-2015-5622Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 ...
CVE-2015-3440Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in ...
CVE-2015-3439Cross-site scripting (XSS) vulnerability in the Ephox (formerly ...
CVE-2015-3438Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...
CVE-2015-3429Cross-site scripting (XSS) vulnerability in example.html in Genericons ...
CVE-2015-2213SQL injection vulnerability in the wp_untrash_post_comments function ...
CVE-2014-9039wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x ...
CVE-2014-9038wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, ...
CVE-2014-9037WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and ...
CVE-2014-9036Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, ...
CVE-2014-9035Cross-site scripting (XSS) vulnerability in Press This in WordPress ...
CVE-2014-9034wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before ...
CVE-2014-9033Cross-site request forgery (CSRF) vulnerability in wp-login.php in ...
CVE-2014-9032Cross-site scripting (XSS) vulnerability in the media-playlists ...
CVE-2014-9031Cross-site scripting (XSS) vulnerability in the wptexturize function ...
CVE-2014-6412
CVE-2014-5266The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...
CVE-2014-5265The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...
CVE-2014-5240Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php ...
CVE-2014-5205wp-includes/pluggable.php in WordPress before 3.9.2 does not use ...
CVE-2014-5204wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid ...
CVE-2014-5203wp-includes/class-wp-customize-widgets.php in the widget ...
CVE-2014-2053getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and ...
CVE-2014-0166The wp_validate_auth_cookie function in wp-includes/pluggable.php in ...
CVE-2014-0165WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote ...
CVE-2013-5739The default configuration of WordPress before 3.6.1 does not prevent ...
CVE-2013-5738The get_allowed_mime_types function in wp-includes/functions.php in ...
CVE-2013-4340wp-admin/includes/post.php in WordPress before 3.6.1 allows remote ...
CVE-2013-4339WordPress before 3.6.1 does not properly validate URLs before use in ...
CVE-2013-4338wp-includes/functions.php in WordPress before 3.6.1 does not properly ...
CVE-2013-2205The default configuration of SWFUpload in WordPress before 3.5.2 has ...
CVE-2013-2204moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media ...
CVE-2013-2203WordPress before 3.5.2, when the uploads directory forbids write ...
CVE-2013-2202WordPress before 3.5.2 allows remote attackers to read arbitrary files ...
CVE-2013-2201Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...
CVE-2013-2200WordPress before 3.5.2 does not properly check the capabilities of ...
CVE-2013-2199The HTTP API in WordPress before 3.5.2 allows remote attackers to send ...
CVE-2013-2173wp-includes/class-phpass.php in WordPress 3.5.1, when a ...
CVE-2013-0237Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode ...
CVE-2013-0236Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...
CVE-2013-0235The XMLRPC API in WordPress before 3.5.1 allows remote attackers to ...
CVE-2012-6635wp-admin/includes/class-wp-posts-list-table.php in WordPress before ...
CVE-2012-6634wp-admin/media-upload.php in WordPress before 3.3.3 allows remote ...
CVE-2012-6633Cross-site scripting (XSS) vulnerability in ...
CVE-2012-6112classes/GoogleSpell.php in the PHP Spellchecker (aka Google ...
CVE-2012-4448Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ...
CVE-2012-4422wp-admin/plugins.php in WordPress before 3.4.2, when the multisite ...
CVE-2012-4421The create_post function in wp-includes/class-wp-atom-server.php in ...
CVE-2012-3414Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...
CVE-2012-3385WordPress before 3.4.1 does not properly restrict access to post ...
CVE-2012-3384Cross-site request forgery (CSRF) vulnerability in the customizer in ...
CVE-2012-3383The map_meta_cap function in wp-includes/capabilities.php in WordPress ...
CVE-2012-2404wp-comments-post.php in WordPress before 3.3.2 supports offsite ...
CVE-2012-2403wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...
CVE-2012-2402wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...
CVE-2012-2401Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...
CVE-2012-2400Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...
CVE-2012-2399Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ...
CVE-2012-0287Cross-site scripting (XSS) vulnerability in wp-comments-post.php in ...
CVE-2011-5270wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...
CVE-2011-4957The make_clickable function in wp-includes/formatting.php in WordPress ...
CVE-2011-4956Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 ...
CVE-2011-3130wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...
CVE-2011-3129The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 ...
CVE-2011-3128WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached ...
CVE-2011-3127WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent ...
CVE-2011-3126WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote ...
CVE-2011-3125Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...
CVE-2011-3122Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...
CVE-2011-0701wp-admin/async-upload.php in the media uploader in WordPress before ...
CVE-2011-0700Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...
CVE-2010-5297WordPress before 3.0.1, when a Multisite installation is used, ...
CVE-2010-5296wp-includes/capabilities.php in WordPress before 3.0.2, when a ...
CVE-2010-5295Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in ...
CVE-2010-5294Multiple cross-site scripting (XSS) vulnerabilities in the ...
CVE-2010-5293wp-includes/comment.php in WordPress before 3.0.2 does not properly ...
CVE-2010-5106The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...
CVE-2010-4536Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...
CVE-2010-4257SQL injection vulnerability in the do_trackbacks function in ...
CVE-2010-2230The KSES text cleaning filter in lib/weblib.php in Moodle before ...
CVE-2010-1619Cross-site scripting (XSS) vulnerability in the ...
CVE-2010-0682WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...
CVE-2009-3891Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...
CVE-2009-3890Unrestricted file upload vulnerability in the wp_check_filetype ...
CVE-2009-3622Algorithmic complexity vulnerability in wp-trackback.php in WordPress ...
CVE-2009-2854Wordpress before 2.8.3 does not check capabilities for certain ...
CVE-2009-2853Wordpress before 2.8.3 allows remote attackers to gain privileges via ...
CVE-2009-2851Cross-site scripting (XSS) vulnerability in the administrator ...
CVE-2009-2762wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...
CVE-2009-2432WordPress and WordPress MU before 2.8.1 allow remote attackers to ...
CVE-2009-2431WordPress 2.7.1 places the username of a post's author in an HTML ...
CVE-2009-2336The forgotten mail interface in WordPress and WordPress MU before ...
CVE-2009-2335WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...
CVE-2009-2334wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...
CVE-2008-7220Unspecified vulnerability in Prototype JavaScript framework ...
CVE-2008-6767wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...
CVE-2008-6762Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...
CVE-2008-5695wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...
CVE-2008-5278Cross-site scripting (XSS) vulnerability in the self_link function in ...
CVE-2008-5113WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...
CVE-2008-4796The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...
CVE-2008-4769Directory traversal vulnerability in the get_category_template ...
CVE-2008-4671Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...
CVE-2008-4106WordPress before 2.6.2 does not properly handle MySQL warnings about ...
CVE-2008-3747The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...
CVE-2008-3233Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...
CVE-2008-2392Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...
CVE-2008-2146wp-includes/vars.php in Wordpress before 2.2.3 does not properly ...
CVE-2008-2068Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows ...
CVE-2008-1930The cookie authentication method in WordPress 2.5 relies on a hash of ...
CVE-2008-1502The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...
CVE-2008-1304Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...
CVE-2008-0664The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...
CVE-2008-0196Multiple directory traversal vulnerabilities in WordPress 2.0.11 and ...
CVE-2008-0195WordPress 2.0.11 and earlier allows remote attackers to obtain ...
CVE-2008-0194Directory traversal vulnerability in wp-db-backup.php in WordPress ...
CVE-2008-0193Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...
CVE-2008-0192Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...
CVE-2007-6318SQL injection vulnerability in wp-includes/query.php in WordPress ...
CVE-2007-6013Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...
CVE-2007-5710Cross-site scripting (XSS) vulnerability in ...
CVE-2007-5106Cross-site scripting (XSS) vulnerability in wp-register.php in ...
CVE-2007-5105Cross-site scripting (XSS) vulnerability in wp-register.php in ...
CVE-2007-4894Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and ...
CVE-2007-4893wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress ...
CVE-2007-4483Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...
CVE-2007-4165Cross-site scripting (XSS) vulnerability in index.php in the Blue ...
CVE-2007-4154SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...
CVE-2007-4153Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...
CVE-2007-3639WordPress before 2.2.2 allows remote attackers to redirect visitors to ...
CVE-2007-3544Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...
CVE-2007-3543Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...
CVE-2007-3238Cross-site scripting (XSS) vulnerability in functions.php in the ...
CVE-2007-3215PHPMailer 1.7, when configured to use sendmail, allows remote ...
CVE-2007-3140SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...
CVE-2007-2821SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...
CVE-2007-2714Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...
CVE-2007-2627Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...
CVE-2007-2383The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...
CVE-2007-1897SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...
CVE-2007-1894Cross-site scripting (XSS) vulnerability in ...
CVE-2007-1893xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...
CVE-2007-1732** DISPUTED ** ...
CVE-2007-1622Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...
CVE-2007-1599wp-login.php in WordPress allows remote attackers to redirect ...
CVE-2007-1409WordPress allows remote attackers to obtain sensitive information via ...
CVE-2007-1277WordPress 2.1.1, as downloaded from some official distribution sites ...
CVE-2007-1244Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...
CVE-2007-1230Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2007-1049Cross-site scripting (XSS) vulnerability in the wp_explain_nonce ...
CVE-2007-0541WordPress allows remote attackers to determine the existence of ...
CVE-2007-0540WordPress allows remote attackers to cause a denial of service ...
CVE-2007-0539The wp_remote_fopen function in WordPress before 2.1 allows remote ...
CVE-2007-0262WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...
CVE-2007-0233wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...
CVE-2007-0109wp-login.php in WordPress 2.0.5 and earlier displays different error ...
CVE-2007-0107WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...
CVE-2007-0106Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...
CVE-2006-6808Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...
CVE-2006-6017WordPress before 2.0.5 does not properly store a profile containing a ...
CVE-2006-6016wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...
CVE-2006-5705Multiple directory traversal vulnerabilities in ...
CVE-2006-4743WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...
CVE-2006-4208Directory traversal vulnerability in wp-db-backup.php in Skippy ...
CVE-2006-4028Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...
CVE-2006-3390WordPress 2.0.3 allows remote attackers to obtain the installation ...
CVE-2006-3389index.php in WordPress 2.0.3 allows remote attackers to obtain ...
CVE-2006-2702vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...
CVE-2006-2667Direct static code injection vulnerability in WordPress 2.0.2 and ...
CVE-2006-1796Cross-site scripting (XSS) vulnerability in the paging links ...
CVE-2006-1263Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in ...
CVE-2006-1012SQL injection vulnerability in WordPress 1.5.2, and possibly other ...
CVE-2006-0986WordPress 2.0.1 and earlier allows remote attackers to obtain ...
CVE-2006-0985Multiple cross-site scripting (XSS) vulnerabilities in the "post ...
CVE-2005-4600Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...
CVE-2005-4463WordPress before 1.5.2 allows remote attackers to obtain sensitive ...
CVE-2005-3330The _httpsrequest function in Snoopy 1.2, as used in products such as ...
CVE-2005-2612Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...
CVE-2005-2110WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...
CVE-2005-2109wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...
CVE-2005-2108SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...
CVE-2005-2107Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...
CVE-2005-1810SQL injection vulnerability in template-functions-category.php in ...
CVE-2005-1688Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...
CVE-2005-1687SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...
CVE-2004-1584CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...
CVE-2004-1559Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...
CVE-2003-1598SQL injection vulnerability in log.header.php in WordPress 0.7 and ...

Security announcements

DSA / DLADescription
DLA-1151-2wordpress - regression update
DLA-1160-1wordpress - security update
DLA-1151-1wordpress - security update
DSA-3997-1wordpress - security update
DSA-3997-1wordpress - security update
DLA-1075-1wordpress - security update
DLA-975-1wordpress - security update
DSA-3870-1wordpress - security update
DSA-3815-1wordpress - security update
DLA-860-1wordpress - security update
DSA-3779-1wordpress - security update
DLA-813-1wordpress - security update
DSA-3681-2wordpress - regression update
DSA-3681-1wordpress - security update
DLA-633-1wordpress - security update
DSA-3639-1wordpress - security update
DLA-568-1wordpress - security update
DLA-418-1wordpress - security update
DSA-3472-1wordpress - security update
DSA-3472-1wordpress - security update
DSA-3444-1wordpress - security update
DSA-3444-1wordpress - security update
DSA-3383-1wordpress - security update
DSA-3332-2wordpress - regression update
DSA-3375-1wordpress - security update
DLA-321-1wordpress - security update
DLA-294-1wordpress - security update
DSA-3332-1wordpress - security update
DSA-3328-1wordpress - security update
DLA-236-1wordpress - security update
DSA-3250-1wordpress - security update
DSA-3250-1wordpress - security update
DSA-3085-1wordpress - security update
DLA-56-1wordpress - security update
DSA-3001-1wordpress - security update
DSA-2901-1wordpress - security update
DSA-2901-1wordpress - security update
DSA-2757-1wordpress - several
DSA-2757-1wordpress - several
DSA-2718-1wordpress - several
DSA-2718-1wordpress - several
DSA-2470-1wordpress - several
DSA-2190-1wordpress - several
DSA-2138-1wordpress - SQL injection
DSA-1871-2wordpress - regression fix
DSA-1871-1wordpress - several vulnerabilities
DSA-1871-1wordpress - several vulnerabilities
DSA-1601-1wordpress - several vulnerabilities
DSA-1564-1wordpress - several vulnerabilities
DSA-1502-1wordpress - multiple vulnerabilities
DSA-1285-1wordpress

Search for package or bug name: Reporting problems