Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie

Type deb

Namespace debian

Name wordpress

Version 3.4.1+dfsg-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.4.2+dfsg-1

Latest_non_vulnerable_version 6.9.4+dfsg1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2b99-baqh-3ker

vulnerability_id VCID-2b99-baqh-3ker

summary Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3384

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39362
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39523
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39546
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39461
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39516
published_at	2026-04-08T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39532
published_at	2026-04-09T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39543
published_at	2026-04-11T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39505
published_at	2026-04-12T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39488
published_at	2026-04-13T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39539
published_at	2026-04-16T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3951
published_at	2026-04-18T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39426
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3384

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3384
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3384

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721
reference_id	680721
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721

fixed_packages

url	pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-3384

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2b99-baqh-3ker

url VCID-janm-1e9e-abb5

vulnerability_id VCID-janm-1e9e-abb5

summary WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3385

reference_id

reference_type

scores

value	0.00669
scoring_system	epss
scoring_elements	0.71245
published_at	2026-04-07T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71253
published_at	2026-04-02T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.7127
published_at	2026-04-04T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71286
published_at	2026-04-08T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.713
published_at	2026-04-09T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71322
published_at	2026-04-11T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71307
published_at	2026-04-12T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71291
published_at	2026-04-13T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71337
published_at	2026-04-16T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71344
published_at	2026-04-18T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71323
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3385

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721
reference_id	680721
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721

fixed_packages

url	pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-3385

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-janm-1e9e-abb5

url VCID-tr8v-5ee5-aqfp

vulnerability_id VCID-tr8v-5ee5-aqfp

summary The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3383

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.36022
published_at	2026-04-01T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36216
published_at	2026-04-02T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36245
published_at	2026-04-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3608
published_at	2026-04-07T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36129
published_at	2026-04-08T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36147
published_at	2026-04-09T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36154
published_at	2026-04-11T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36117
published_at	2026-04-12T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36091
published_at	2026-04-13T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36132
published_at	2026-04-16T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36118
published_at	2026-04-18T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36065
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3383

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721
reference_id	680721
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721

fixed_packages

url	pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

vulnerability	VCID-yqam-kpce-dfg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gyaq-8pvh-p7gg

vulnerability	VCID-jghn-eujf-zbdn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-3383

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tr8v-5ee5-aqfp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.1%252Bdfsg-1%3Fdistro=trixie

Package Instance