VulnerableCode Package Details - pkg:deb/debian/wordpress@2.0.5-0.1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1tvf-ywk8-5yh5	wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.	CVE-2006-6016
VCID-6xna-bhaz-bbcm	WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.	CVE-2006-4743
VCID-82ky-v2zx-53h4	WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.	CVE-2006-6017
VCID-m7yz-rv7g-jbat	Flaws in WordPress allow a Denial of Service, the disclosure of user metadata and the overwriting of restricted files.	CVE-2006-5705
VCID-uzm6-mwhv-xfbj	Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.	CVE-2006-4208

Vulnerability

Summary

Aliases

VCID-1tvf-ywk8-5yh5

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CVE-2006-6016

VCID-6xna-bhaz-bbcm

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.

CVE-2006-4743

VCID-82ky-v2zx-53h4

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVE-2006-6017

VCID-m7yz-rv7g-jbat

Flaws in WordPress allow a Denial of Service, the disclosure of user metadata and the overwriting of restricted files.

CVE-2006-5705

VCID-uzm6-mwhv-xfbj

Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.

CVE-2006-4208

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:29:46.815474+00:00	Debian Importer	Fixing	VCID-6xna-bhaz-bbcm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:53:59.001020+00:00	Debian Importer	Fixing	VCID-uzm6-mwhv-xfbj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:34:01.125762+00:00	Debian Importer	Fixing	VCID-1tvf-ywk8-5yh5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:05:56.381220+00:00	Debian Importer	Fixing	VCID-m7yz-rv7g-jbat	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:00:00.571793+00:00	Debian Importer	Fixing	VCID-82ky-v2zx-53h4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:18:49.334957+00:00	Debian Importer	Fixing	VCID-6xna-bhaz-bbcm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:51:24.247177+00:00	Debian Importer	Fixing	VCID-uzm6-mwhv-xfbj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:53:07.302009+00:00	Debian Importer	Fixing	VCID-1tvf-ywk8-5yh5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:46:47.291085+00:00	Debian Importer	Fixing	VCID-m7yz-rv7g-jbat	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:42:09.646890+00:00	Debian Importer	Fixing	VCID-82ky-v2zx-53h4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:57:46.723688+00:00	Debian Importer	Fixing	VCID-82ky-v2zx-53h4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:46.682928+00:00	Debian Importer	Fixing	VCID-1tvf-ywk8-5yh5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:46.642476+00:00	Debian Importer	Fixing	VCID-m7yz-rv7g-jbat	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:46.602033+00:00	Debian Importer	Fixing	VCID-6xna-bhaz-bbcm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:46.557602+00:00	Debian Importer	Fixing	VCID-uzm6-mwhv-xfbj	https://security-tracker.debian.org/tracker/data/json	38.1.0