Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2008-5278

🗓️ 28 Nov 2008 19:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 62 Views🌐 WEB

Cross-site scripting vulnerability in WordPress RSS Feed Generator

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Tenable Nessus		WordPress < 2.6.5 'feed.php' XSS
2 Dec 200800:00
nessus
Tenable Nessus		Fedora 8 : wordpress-2.6.5-2.fc8 (2008-10468)
3 Dec 200800:00
nessus
Tenable Nessus		Fedora 10 : wordpress-2.6.5-2.fc10 (2008-10482)
23 Apr 200900:00
nessus
Tenable Nessus		Fedora 9 : wordpress-2.6.5-2.fc9 (2008-10483)
3 Dec 200800:00
nessus
Tenable Nessus		Fedora 10 : wordpress-mu-2.6.5-1.fc10 (2008-11104)
23 Apr 200900:00
nessus
Tenable Nessus		FreeBSD : wordpress -- header rss feed script insertion vulnerability (622bc638-be27-11dd-a578-0030843d3802)
1 Dec 200800:00
nessus
Tenable Nessus		WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS
2 Dec 200800:00
nessus
FreeBSD		wordpress -- header rss feed script insertion vulnerability
26 Nov 200800:00
freebsd
Check Point Advisories		Update Protection against WordPress Host Header XSS Vulnerability
5 Dec 200800:00
checkpoint_advisories
Check Point Advisories		WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting (CVE-2008-5278)
30 Sep 200900:00
checkpoint_advisories
Rows per page
NVD
Node
wordpresswordpressRange2.6.3
OR
wordpresswordpressMatch0.6.2
OR
wordpresswordpressMatch0.6.2beta_2
OR
wordpresswordpressMatch0.6.2.1
OR
wordpresswordpressMatch0.6.2.1beta_2
OR
wordpresswordpressMatch0.7
OR
wordpresswordpressMatch0.71
OR
wordpresswordpressMatch0.71-gold
OR
wordpresswordpressMatch0.72
OR
wordpresswordpressMatch0.72beta1
OR
wordpresswordpressMatch0.72beta2
OR
wordpresswordpressMatch0.72rc1
OR
wordpresswordpressMatch0.711
OR
wordpresswordpressMatch1.0
OR
wordpresswordpressMatch1.0-platinum
OR
wordpresswordpressMatch1.0.1
OR
wordpresswordpressMatch1.0.1-miles
OR
wordpresswordpressMatch1.0.2
OR
wordpresswordpressMatch1.0.2-blakey
OR
wordpresswordpressMatch1.2
OR
wordpresswordpressMatch1.2beta
OR
wordpresswordpressMatch1.2-delta
OR
wordpresswordpressMatch1.2-mingus
OR
wordpresswordpressMatch1.2.1
OR
wordpresswordpressMatch1.2.2
OR
wordpresswordpressMatch1.3.1
OR
wordpresswordpressMatch1.4
OR
wordpresswordpressMatch1.5
OR
wordpresswordpressMatch1.5-strayhorn
OR
wordpresswordpressMatch1.5.1
OR
wordpresswordpressMatch1.5.1.1
OR
wordpresswordpressMatch1.5.1.2
OR
wordpresswordpressMatch1.5.1.3
OR
wordpresswordpressMatch1.5.2
OR
wordpresswordpressMatch1.6
OR
wordpresswordpressMatch2.0
OR
wordpresswordpressMatch2.0.1
OR
wordpresswordpressMatch2.0.2
OR
wordpresswordpressMatch2.0.3
OR
wordpresswordpressMatch2.0.4
OR
wordpresswordpressMatch2.0.5
OR
wordpresswordpressMatch2.0.6
OR
wordpresswordpressMatch2.0.7
OR
wordpresswordpressMatch2.0.8
OR
wordpresswordpressMatch2.0.9
OR
wordpresswordpressMatch2.0.10
OR
wordpresswordpressMatch2.0.10_rc1
OR
wordpresswordpressMatch2.0.10_rc2
OR
wordpresswordpressMatch2.0.11
OR
wordpresswordpressMatch2.1
OR
wordpresswordpressMatch2.1alpha_3
OR
wordpresswordpressMatch2.1.1
OR
wordpresswordpressMatch2.1.2
OR
wordpresswordpressMatch2.1.3
OR
wordpresswordpressMatch2.1.3_rc1
OR
wordpresswordpressMatch2.1.3_rc2
OR
wordpresswordpressMatch2.2
OR
wordpresswordpressMatch2.2.0
OR
wordpresswordpressMatch2.2.1
OR
wordpresswordpressMatch2.2.2
OR
wordpresswordpressMatch2.2.3
OR
wordpresswordpressMatch2.2_revision5002
OR
wordpresswordpressMatch2.2_revision5003
OR
wordpresswordpressMatch2.3
OR
wordpresswordpressMatch2.3beta3
OR
wordpresswordpressMatch2.3rc1
OR
wordpresswordpressMatch2.3.1
OR
wordpresswordpressMatch2.3.1rc1
OR
wordpresswordpressMatch2.3.2
OR
wordpresswordpressMatch2.3.3
OR
wordpresswordpressMatch2.5
OR
wordpresswordpressMatch2.5.1
OR
wordpresswordpressMatch2.6
OR
wordpresswordpressMatch2.6.1
ParameterPositionPathDescriptionCWE
Hostheaderwp-includes/feed.phpXSS via Host header in RSS feed generation (wp-includes/feed.php) in WordPress before 2.6.5CWE-79

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Apr 2026 00:35Current
5.5Medium risk
Vulners AI Score5.5
CVSS 24.3
EPSS0.03157
CWE-79
cve-2008-5278cross-site scriptingxss vulnerabilitywordpressrss feed generator
62