Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wordpress@3.5.1%2Bdfsg-2?distro=trixie

Type deb

Namespace debian

Name wordpress

Version 3.5.1+dfsg-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.5.2+dfsg-1

Latest_non_vulnerable_version 6.9.4+dfsg1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-dyvh-cj55-rqdg

vulnerability_id VCID-dyvh-cj55-rqdg

summary Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4448

reference_id

reference_type

scores

value	0.00153
scoring_system	epss
scoring_elements	0.3565
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4448

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689031
reference_id	689031
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689031

fixed_packages

url	pkg:deb/debian/wordpress@3.5.1%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/wordpress@3.5.1%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eg3u-uaqx-m7f2

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-4448

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyvh-cj55-rqdg

url VCID-mh2f-ytz5-9fhg

vulnerability_id VCID-mh2f-ytz5-9fhg

summary

PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283

reference_url

http://openwall.com/lists/oss-security/2013/01/21/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/01/21/1

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6112

reference_id

reference_type

scores

value	0.006
scoring_system	epss
scoring_elements	0.69833
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6112

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0

reference_url

https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3

reference_url

https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a

reference_url

https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb

reference_url

https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974

reference_url

https://moodle.org/mod/forum/discuss.php?d=220157

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=220157

reference_url

https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell

reference_url

https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701667
reference_id	701667
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701667

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6112

reference_id

CVE-2012-6112

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6112

reference_url	https://github.com/advisories/GHSA-fx5h-3786-h2w6
reference_id	GHSA-fx5h-3786-h2w6
reference_type
scores
url	https://github.com/advisories/GHSA-fx5h-3786-h2w6

fixed_packages

url	pkg:deb/debian/wordpress@3.5.1%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/wordpress@3.5.1%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eg3u-uaqx-m7f2

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-6112, GHSA-fx5h-3786-h2w6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2f-ytz5-9fhg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-2%3Fdistro=trixie

Package Instance