Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
purl pkg:deb/debian/wordpress@2.2.2-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-1cp7-76kz-47ed Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. CVE-2007-3238
VCID-6npq-by6g-cqg8 WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. CVE-2007-3639
VCID-7kjc-hwqu-wufc wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. CVE-2007-1599
VCID-8sa8-xkg1-ybbm Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. CVE-2007-4153
VCID-cut3-n4rz-jqf7 SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components. CVE-2007-4154
VCID-nztu-n4pg-p3be Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. CVE-2007-2627
VCID-wzb1-au3p-uuas Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. CVE-2007-3544

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:55:43.019352+00:00 Debian Importer Fixing VCID-cut3-n4rz-jqf7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:16:58.729926+00:00 Debian Importer Fixing VCID-1cp7-76kz-47ed https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:36:29.901534+00:00 Debian Importer Fixing VCID-6npq-by6g-cqg8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:04:43.532887+00:00 Debian Importer Fixing VCID-wzb1-au3p-uuas https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:30:28.694597+00:00 Debian Importer Fixing VCID-nztu-n4pg-p3be https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:50:42.909662+00:00 Debian Importer Fixing VCID-8sa8-xkg1-ybbm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:39:41.287811+00:00 Debian Importer Fixing VCID-7kjc-hwqu-wufc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:52:40.374218+00:00 Debian Importer Fixing VCID-cut3-n4rz-jqf7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:23:59.385191+00:00 Debian Importer Fixing VCID-1cp7-76kz-47ed https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:54:44.613552+00:00 Debian Importer Fixing VCID-6npq-by6g-cqg8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:31:24.117660+00:00 Debian Importer Fixing VCID-wzb1-au3p-uuas https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:05:35.482206+00:00 Debian Importer Fixing VCID-nztu-n4pg-p3be https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:56:32.224766+00:00 Debian Importer Fixing VCID-8sa8-xkg1-ybbm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:49:20.801389+00:00 Debian Importer Fixing VCID-7kjc-hwqu-wufc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:57:48.088386+00:00 Debian Importer Fixing VCID-cut3-n4rz-jqf7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:48.048549+00:00 Debian Importer Fixing VCID-8sa8-xkg1-ybbm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:48.008974+00:00 Debian Importer Fixing VCID-6npq-by6g-cqg8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:47.968955+00:00 Debian Importer Fixing VCID-wzb1-au3p-uuas https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:47.888875+00:00 Debian Importer Fixing VCID-1cp7-76kz-47ed https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:47.658876+00:00 Debian Importer Fixing VCID-nztu-n4pg-p3be https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:57:47.369621+00:00 Debian Importer Fixing VCID-7kjc-hwqu-wufc https://security-tracker.debian.org/tracker/data/json 38.1.0