VulnerableCode Package Details - pkg:deb/debian/wordpress@2.5.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cjc2-1tw5-u7aj	wordpress: security fixes in upstream version 2.5.1 (CVE-2008-1930, CVE-2008-2068)	CVE-2008-2068
VCID-d4b9-ek6d-nbb3	The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.	CVE-2008-1930
VCID-hamd-mn9k-q3f5	Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.	CVE-2008-4769

Vulnerability

Summary

Aliases

VCID-cjc2-1tw5-u7aj

wordpress: security fixes in upstream version 2.5.1 (CVE-2008-1930, CVE-2008-2068)

CVE-2008-2068

VCID-d4b9-ek6d-nbb3

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

CVE-2008-1930

VCID-hamd-mn9k-q3f5

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.

CVE-2008-4769

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:44:59.195653+00:00	Debian Importer	Fixing	VCID-d4b9-ek6d-nbb3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:08:29.065642+00:00	Debian Importer	Fixing	VCID-hamd-mn9k-q3f5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:04:34.396418+00:00	Debian Importer	Fixing	VCID-cjc2-1tw5-u7aj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:00:41.182620+00:00	Debian Importer	Fixing	VCID-d4b9-ek6d-nbb3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:48:40.569265+00:00	Debian Importer	Fixing	VCID-hamd-mn9k-q3f5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:04:57.829073+00:00	Debian Importer	Fixing	VCID-cjc2-1tw5-u7aj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:57:49.204406+00:00	Debian Importer	Fixing	VCID-hamd-mn9k-q3f5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:48.895963+00:00	Debian Importer	Fixing	VCID-cjc2-1tw5-u7aj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:48.852813+00:00	Debian Importer	Fixing	VCID-d4b9-ek6d-nbb3	https://security-tracker.debian.org/tracker/data/json	38.1.0