VulnerableCode Package Details - pkg:deb/debian/wordpress@2.2.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3e65-zd17-rqhy	Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."	CVE-2007-4894
VCID-7dmm-cvtk-aydj	wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.	CVE-2007-4893
VCID-ysde-2c1f-r3a3	wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.	CVE-2008-2146

Vulnerability

Summary

Aliases

VCID-3e65-zd17-rqhy

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."

CVE-2007-4894

VCID-7dmm-cvtk-aydj

wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.

CVE-2007-4893

VCID-ysde-2c1f-r3a3

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

CVE-2008-2146

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:28:01.250809+00:00	Debian Importer	Fixing	VCID-3e65-zd17-rqhy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:36:51.006764+00:00	Debian Importer	Fixing	VCID-7dmm-cvtk-aydj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:37:31.937062+00:00	Debian Importer	Fixing	VCID-ysde-2c1f-r3a3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:17:32.968721+00:00	Debian Importer	Fixing	VCID-3e65-zd17-rqhy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:38:29.164599+00:00	Debian Importer	Fixing	VCID-7dmm-cvtk-aydj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:48:03.916058+00:00	Debian Importer	Fixing	VCID-ysde-2c1f-r3a3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:57:48.935279+00:00	Debian Importer	Fixing	VCID-ysde-2c1f-r3a3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:48.246829+00:00	Debian Importer	Fixing	VCID-3e65-zd17-rqhy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:48.207321+00:00	Debian Importer	Fixing	VCID-7dmm-cvtk-aydj	https://security-tracker.debian.org/tracker/data/json	38.1.0