VulnerableCode Package Details - pkg:deb/debian/wordpress@2.1.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4sv3-qgzg-eyhn	SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.	CVE-2007-1897
VCID-fa64-2upm-rfg5	Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor	CVE-2007-1732
VCID-n2ep-cw4n-gkda	Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.	CVE-2007-1894
VCID-sz3u-x51u-r3dn	Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).	CVE-2007-4483
VCID-vchz-vuh2-cfd9	Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.	CVE-2007-1622
VCID-wtuc-n99m-fyby	xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."	CVE-2007-1893

Vulnerability

Summary

Aliases

VCID-4sv3-qgzg-eyhn

SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

CVE-2007-1897

VCID-fa64-2upm-rfg5

Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor

CVE-2007-1732

VCID-n2ep-cw4n-gkda

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

CVE-2007-1894

VCID-sz3u-x51u-r3dn

Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

CVE-2007-4483

VCID-vchz-vuh2-cfd9

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

CVE-2007-1622

VCID-wtuc-n99m-fyby

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

CVE-2007-1893

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:28:09.772028+00:00	Debian Importer	Fixing	VCID-wtuc-n99m-fyby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:22:45.362272+00:00	Debian Importer	Fixing	VCID-fa64-2upm-rfg5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:24:13.083002+00:00	Debian Importer	Fixing	VCID-sz3u-x51u-r3dn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:46:09.366632+00:00	Debian Importer	Fixing	VCID-4sv3-qgzg-eyhn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:38:44.923006+00:00	Debian Importer	Fixing	VCID-vchz-vuh2-cfd9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:02:38.908860+00:00	Debian Importer	Fixing	VCID-n2ep-cw4n-gkda	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:17:39.210387+00:00	Debian Importer	Fixing	VCID-wtuc-n99m-fyby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:44:54.720377+00:00	Debian Importer	Fixing	VCID-fa64-2upm-rfg5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:00:49.762460+00:00	Debian Importer	Fixing	VCID-sz3u-x51u-r3dn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:31:21.906352+00:00	Debian Importer	Fixing	VCID-4sv3-qgzg-eyhn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:25:11.435655+00:00	Debian Importer	Fixing	VCID-vchz-vuh2-cfd9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:03:48.110884+00:00	Debian Importer	Fixing	VCID-n2ep-cw4n-gkda	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:57:48.166999+00:00	Debian Importer	Fixing	VCID-sz3u-x51u-r3dn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:47.577995+00:00	Debian Importer	Fixing	VCID-4sv3-qgzg-eyhn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:47.537713+00:00	Debian Importer	Fixing	VCID-n2ep-cw4n-gkda	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:47.497496+00:00	Debian Importer	Fixing	VCID-wtuc-n99m-fyby	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:47.456774+00:00	Debian Importer	Fixing	VCID-fa64-2upm-rfg5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:47.415333+00:00	Debian Importer	Fixing	VCID-vchz-vuh2-cfd9	https://security-tracker.debian.org/tracker/data/json	38.1.0