Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wordpress@2.1.3-1?distro=trixie

Type deb

Namespace debian

Name wordpress

Version 2.1.3-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.2-1

Latest_non_vulnerable_version 6.9.4+dfsg1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6v3t-rvh1-9fg9

vulnerability_id VCID-6v3t-rvh1-9fg9

summary Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-1732

reference_id

reference_type

scores

value	0.00456
scoring_system	epss
scoring_elements	0.64171
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1732

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1732
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1732

fixed_packages

url	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-1732

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6v3t-rvh1-9fg9

url VCID-9sma-wr82-tqe2

vulnerability_id VCID-9sma-wr82-tqe2

summary Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-1894

reference_id

reference_type

scores

value	0.05805
scoring_system	epss
scoring_elements	0.90649
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1894

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1894
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1894

fixed_packages

url	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-1894

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9sma-wr82-tqe2

url VCID-a121-ee9b-tyhm

vulnerability_id VCID-a121-ee9b-tyhm

summary Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

reference_id

reference_type

scores

value	0.03283
scoring_system	epss
scoring_elements	0.87402
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1622

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29754.html
reference_id	CVE-2007-1622;OSVDB-34348
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29754.html

reference_url	https://www.securityfocus.com/bid/23027/info
reference_id	CVE-2007-1622;OSVDB-34348
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/23027/info

fixed_packages

url	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-1622

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a121-ee9b-tyhm

url VCID-e9td-bq4r-tkap

vulnerability_id VCID-e9td-bq4r-tkap

summary Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-4483

reference_id

reference_type

scores

value	0.00503
scoring_system	epss
scoring_elements	0.66396
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-4483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4483

fixed_packages

url	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-4483

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9td-bq4r-tkap

url VCID-xj7c-um8u-jkcx

vulnerability_id VCID-xj7c-um8u-jkcx

summary xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-1893

reference_id

reference_type

scores

value	0.00232
scoring_system	epss
scoring_elements	0.46124
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1893

fixed_packages

url	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-1893

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xj7c-um8u-jkcx

url VCID-yn6q-jgtv-8fhu

vulnerability_id VCID-yn6q-jgtv-8fhu

summary SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-1897

reference_id

reference_type

scores

value	0.05002
scoring_system	epss
scoring_elements	0.8986
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1897

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3656.pl
reference_id	OSVDB-34351;CVE-2007-1897
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3656.pl

fixed_packages

url	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-1897

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yn6q-jgtv-8fhu

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie

Package Instance