Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/wordpress@2.1.0-1?distro=trixie
purl pkg:deb/debian/wordpress@2.1.0-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-4gpe-jspv-n7c7 Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. CVE-2008-0194
VCID-7qy9-e4j5-6fdb wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. CVE-2007-0233
VCID-fc6e-njgb-pued WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. CVE-2007-0541
VCID-kdjp-qmxc-9qat The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. CVE-2007-0539
VCID-qpzg-tnaj-3uab Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. CVE-2008-0193
VCID-vn8w-n4v7-kkfd WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. CVE-2008-0195
VCID-xj9y-sb3e-vkac WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. CVE-2007-0540

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:57:20.764321+00:00 Debian Importer Fixing VCID-qpzg-tnaj-3uab https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:16:34.994115+00:00 Debian Importer Fixing VCID-vn8w-n4v7-kkfd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:36:33.754983+00:00 Debian Importer Fixing VCID-kdjp-qmxc-9qat https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:59:36.982184+00:00 Debian Importer Fixing VCID-7qy9-e4j5-6fdb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:10:33.194381+00:00 Debian Importer Fixing VCID-fc6e-njgb-pued https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:58:26.818630+00:00 Debian Importer Fixing VCID-4gpe-jspv-n7c7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:54:40.877790+00:00 Debian Importer Fixing VCID-xj9y-sb3e-vkac https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:53:58.953886+00:00 Debian Importer Fixing VCID-qpzg-tnaj-3uab https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:40:13.208887+00:00 Debian Importer Fixing VCID-vn8w-n4v7-kkfd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:10:11.010904+00:00 Debian Importer Fixing VCID-kdjp-qmxc-9qat https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:41:50.214744+00:00 Debian Importer Fixing VCID-7qy9-e4j5-6fdb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:08:32.280306+00:00 Debian Importer Fixing VCID-fc6e-njgb-pued https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:01:09.610234+00:00 Debian Importer Fixing VCID-4gpe-jspv-n7c7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:58:49.311156+00:00 Debian Importer Fixing VCID-xj9y-sb3e-vkac https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:57:48.632979+00:00 Debian Importer Fixing VCID-vn8w-n4v7-kkfd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:48.593307+00:00 Debian Importer Fixing VCID-4gpe-jspv-n7c7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:48.553848+00:00 Debian Importer Fixing VCID-qpzg-tnaj-3uab https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:47.119293+00:00 Debian Importer Fixing VCID-fc6e-njgb-pued https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:47.079090+00:00 Debian Importer Fixing VCID-xj9y-sb3e-vkac https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:47.038520+00:00 Debian Importer Fixing VCID-kdjp-qmxc-9qat https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:46.948783+00:00 Debian Importer Fixing VCID-7qy9-e4j5-6fdb https://security-tracker.debian.org/tracker/data/json 38.1.0