Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wordpress@2.2.2-1?distro=trixie

Type deb

Namespace debian

Name wordpress

Version 2.2.2-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.2.3-1

Latest_non_vulnerable_version 6.9.4+dfsg1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1cp7-76kz-47ed

vulnerability_id VCID-1cp7-76kz-47ed

summary Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

references

reference_url	http://blogsecurity.net/wordpress/news/news-100607-1/
reference_id
reference_type
scores
url	http://blogsecurity.net/wordpress/news/news-100607-1/

reference_url	http://codex.wordpress.org/Roles_and_Capabilities
reference_id
reference_type
scores
url	http://codex.wordpress.org/Roles_and_Capabilities

reference_url	http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/
reference_id
reference_type
scores
url	http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/

reference_url	http://osvdb.org/37293
reference_id
reference_type
scores
url	http://osvdb.org/37293

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3238

reference_id

reference_type

scores

value	0.01473
scoring_system	epss
scoring_elements	0.8098
published_at	2026-04-21T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80882
published_at	2026-04-01T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80891
published_at	2026-04-02T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80914
published_at	2026-04-04T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80911
published_at	2026-04-07T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80939
published_at	2026-04-08T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80948
published_at	2026-04-09T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80964
published_at	2026-04-11T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.8095
published_at	2026-04-12T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80942
published_at	2026-04-13T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80978
published_at	2026-04-16T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80979
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3238

reference_url	http://secunia.com/advisories/25541/
reference_id
reference_type
scores
url	http://secunia.com/advisories/25541/

reference_url	http://secunia.com/advisories/29014
reference_id
reference_type
scores
url	http://secunia.com/advisories/29014

reference_url	http://securityreason.com/securityalert/2807
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/2807

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/34785
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/34785

reference_url	http://www.debian.org/security/2008/dsa-1502
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1502

reference_url	http://www.securityfocus.com/archive/1/470837/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/470837/100/0/threaded

reference_url	http://www.securityfocus.com/bid/25161
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/25161

reference_url	http://www.xssnews.com/
reference_id
reference_type
scores
url	http://www.xssnews.com/

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2:::::::*
reference_id	cpe:2.3:a:wordpress:wordpress:2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-3238

reference_id

CVE-2007-3238

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2007-3238

fixed_packages

url	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-3238

risk_score 2.7

exploitability 0.5

weighted_severity 5.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cp7-76kz-47ed

url VCID-6npq-by6g-cqg8

vulnerability_id VCID-6npq-by6g-cqg8

summary WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

references

reference_url	http://osvdb.org/40802
reference_id
reference_type
scores
url	http://osvdb.org/40802

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3639

reference_id

reference_type

scores

value	0.01146
scoring_system	epss
scoring_elements	0.7848
published_at	2026-04-21T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78406
published_at	2026-04-01T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78413
published_at	2026-04-02T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78444
published_at	2026-04-04T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78427
published_at	2026-04-07T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78453
published_at	2026-04-08T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78458
published_at	2026-04-09T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78483
published_at	2026-04-11T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78465
published_at	2026-04-12T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78457
published_at	2026-04-13T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78485
published_at	2026-04-16T12:55:00Z

value	0.01146
scoring_system	epss
scoring_elements	0.78484
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3639

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3639
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3639

reference_url	http://secunia.com/advisories/30013
reference_id
reference_type
scores
url	http://secunia.com/advisories/30013

reference_url	http://securityreason.com/securityalert/2869
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/2869

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/35272
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/35272

reference_url	http://www.debian.org/security/2008/dsa-1564
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1564

reference_url	http://www.securityfocus.com/archive/1/472885/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/472885/100/0/threaded

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress::::::::
reference_id	cpe:2.3:a:wordpress:wordpress::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-3639

reference_id

CVE-2007-3639

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2007-3639

fixed_packages

url	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-3639

risk_score 1.8

exploitability 0.5

weighted_severity 3.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6npq-by6g-cqg8

url VCID-7kjc-hwqu-wufc

vulnerability_id VCID-7kjc-hwqu-wufc

summary wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-1599

reference_id

reference_type

scores

value	0.01385
scoring_system	epss
scoring_elements	0.80261
published_at	2026-04-01T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.80316
published_at	2026-04-09T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.80334
published_at	2026-04-11T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.8032
published_at	2026-04-12T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.80313
published_at	2026-04-13T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.80268
published_at	2026-04-02T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.80289
published_at	2026-04-04T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.80277
published_at	2026-04-07T12:55:00Z

value	0.01385
scoring_system	epss
scoring_elements	0.80305
published_at	2026-04-08T12:55:00Z

value	0.01438
scoring_system	epss
scoring_elements	0.80744
published_at	2026-04-18T12:55:00Z

value	0.01438
scoring_system	epss
scoring_elements	0.80746
published_at	2026-04-21T12:55:00Z

value	0.01438
scoring_system	epss
scoring_elements	0.80743
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1599

reference_url	http://secunia.com/advisories/30960
reference_id
reference_type
scores
url	http://secunia.com/advisories/30960

reference_url	http://www.debian.org/security/2008/dsa-1601
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1601

reference_url	http://www.metaeye.org/advisories/40
reference_id
reference_type
scores
url	http://www.metaeye.org/advisories/40

reference_url	http://www.securityfocus.com/archive/1/463291/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/463291/100/0/threaded

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085
reference_id	437085
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
reference_id	cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-1599

reference_id

CVE-2007-1599

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2007-1599

fixed_packages

url	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-1599

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kjc-hwqu-wufc

url VCID-8sa8-xkg1-ybbm

vulnerability_id VCID-8sa8-xkg1-ybbm

summary Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-4153

reference_id

reference_type

scores

value	0.00507
scoring_system	epss
scoring_elements	0.66172
published_at	2026-04-01T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66212
published_at	2026-04-02T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66239
published_at	2026-04-04T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66209
published_at	2026-04-07T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66257
published_at	2026-04-08T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.6627
published_at	2026-04-09T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.6629
published_at	2026-04-11T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66277
published_at	2026-04-12T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66246
published_at	2026-04-13T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.6628
published_at	2026-04-21T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66296
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-4153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4153

fixed_packages

url	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-4153

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sa8-xkg1-ybbm

url VCID-cut3-n4rz-jqf7

vulnerability_id VCID-cut3-n4rz-jqf7

summary SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-4154

reference_id

reference_type

scores

value	0.00832
scoring_system	epss
scoring_elements	0.74534
published_at	2026-04-01T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74538
published_at	2026-04-02T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74565
published_at	2026-04-04T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74539
published_at	2026-04-07T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74571
published_at	2026-04-08T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74587
published_at	2026-04-09T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.7461
published_at	2026-04-11T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.7459
published_at	2026-04-12T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74582
published_at	2026-04-13T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74619
published_at	2026-04-16T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74626
published_at	2026-04-18T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74617
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-4154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4154

fixed_packages

url	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-4154

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cut3-n4rz-jqf7

url VCID-nztu-n4pg-p3be

vulnerability_id VCID-nztu-n4pg-p3be

summary Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

references

reference_url	http://osvdb.org/37296
reference_id
reference_type
scores
url	http://osvdb.org/37296

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-2627

reference_id

reference_type

scores

value	0.01033
scoring_system	epss
scoring_elements	0.77387
published_at	2026-04-21T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77297
published_at	2026-04-01T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77304
published_at	2026-04-02T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77332
published_at	2026-04-04T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77313
published_at	2026-04-07T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77343
published_at	2026-04-08T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77352
published_at	2026-04-09T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77379
published_at	2026-04-11T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77359
published_at	2026-04-12T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77355
published_at	2026-04-13T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77395
published_at	2026-04-16T12:55:00Z

value	0.01033
scoring_system	epss
scoring_elements	0.77394
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-2627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2627

reference_url	http://securityreason.com/securityalert/2694
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/2694

reference_url	http://www.securityfocus.com/archive/1/467360/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/467360/100/0/threaded

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress::::::::
reference_id	cpe:2.3:a:wordpress:wordpress::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-2627

reference_id

CVE-2007-2627

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2007-2627

fixed_packages

url	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-2627

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nztu-n4pg-p3be

url VCID-wzb1-au3p-uuas

vulnerability_id VCID-wzb1-au3p-uuas

summary Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.

references

reference_url	http://osvdb.org/37294
reference_id
reference_type
scores
url	http://osvdb.org/37294

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3544

reference_id

reference_type

scores

value	0.01234
scoring_system	epss
scoring_elements	0.79216
published_at	2026-04-18T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79143
published_at	2026-04-01T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79149
published_at	2026-04-02T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79174
published_at	2026-04-04T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.7916
published_at	2026-04-07T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79185
published_at	2026-04-08T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79193
published_at	2026-04-13T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79217
published_at	2026-04-21T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79202
published_at	2026-04-12T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79219
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3544

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3544
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3544

reference_url	http://www.buayacorp.com/files/wordpress/wordpress-advisory.html
reference_id
reference_type
scores
url	http://www.buayacorp.com/files/wordpress/wordpress-advisory.html

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress::::::::
reference_id	cpe:2.3:a:wordpress:wordpress::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress_mu::::::::
reference_id	cpe:2.3:a:wordpress:wordpress_mu::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress_mu::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-3544

reference_id

CVE-2007-3544

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2007-3544

fixed_packages

url	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2007-3544

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzb1-au3p-uuas

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie

Package Instance