Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200506-04
HistoryJun 06, 2005 - 12:00 a.m.

Wordpress: Multiple vulnerabilities

2005-06-0600:00:00
Gentoo Foundation
security.gentoo.org
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

Background

WordPress is a PHP and MySQL based content management and publishing system.

Description

Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks.

Impact

An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim’s browser.

Workaround

There is no known workaround at this time.

Resolution

All Wordpress users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-apps/wordpress< 1.5.1.2UNKNOWN

Related

nessus 4
openvas 4
wpvulndb 4
cve 3
patchstack 3
ubuntucve 1
debiancve 2
freebsd 1
nessus
nessus
GLSA-200506-04 : Wordpress: Multiple vulnerabilities
2005-06-07 00:00:00
WordPress 'template-functions-category.php' 'cat_ID' Parameter SQL Injection
2005-06-06 00:00:00
FreeBSD : wordpress -- multiple vulnerabilities (a4955b32-ed84-11d9-8310-0001020eed82)
2005-07-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200506-04 (Wordpress)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200506-04 (Wordpress)
2008-09-24 00:00:00
FreeBSD Ports: wordpress
2008-09-04 00:00:00
wpvulndb
wpvulndb
WordPress 1.5 & 1.5.1.1 - SQL Injection
2005-01-06 00:00:00
WordPress 1.5 template-functions-post.php Multiple Field XSS
2014-08-01 10:58:35
WordPress 1.5 wp-trackback.php tb_id Parameter SQL Injection
2014-08-01 10:58:34
cve
cve
CVE-2005-1810
2005-06-01 04:00:00
CVE-2005-1102
2005-05-02 04:00:00
CVE-2005-1687
2005-05-20 04:00:00
patchstack
patchstack
WordPress <=1.5.1 - SQL injection
2005-06-01 00:00:00
WordPress <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities
2005-04-13 00:00:00
WordPress <=1.5 - SQL injection vulnerability
2005-05-20 00:00:00
ubuntucve
ubuntucve
CVE-2005-1810
2005-06-01 00:00:00
debiancve
debiancve
CVE-2005-1810
2005-06-01 04:00:00
CVE-2005-1687
2005-05-20 04:00:00
freebsd
freebsd
wordpress -- multiple vulnerabilities
2005-04-12 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON
Related for GLSA-200506-04
nessus4openvas4wpvulndb4cve3patchstack3ubuntucve1debiancve2freebsd1