{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","type":"deb","namespace":"debian","name":"wordpress","version":"6.8.3+dfsg1-0+deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.8.3+dfsg1-1","latest_non_vulnerable_version":"6.9.4+dfsg1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3920?format=json","vulnerability_id":"VCID-14aw-pv9d-ekhs","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28037","reference_id":"","reference_type":"","scores":[{"value":"0.1405","scoring_system":"epss","scoring_elements":"0.94479","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28037"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14aw-pv9d-ekhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105751?format=json","vulnerability_id":"VCID-14q3-c99q-bffg","summary":"Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7989","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52695","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140","reference_id":"799140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135305?format=json","purl":"pkg:deb/debian/wordpress@4.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.3.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-7989"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14q3-c99q-bffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105705?format=json","vulnerability_id":"VCID-16mq-7crg-vkgk","summary":"wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2173","reference_id":"","reference_type":"","scores":[{"value":"0.01677","scoring_system":"epss","scoring_elements":"0.82501","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16mq-7crg-vkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105766?format=json","vulnerability_id":"VCID-16xh-7w1r-hba3","summary":"WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5839","reference_id":"","reference_type":"","scores":[{"value":"0.01122","scoring_system":"epss","scoring_elements":"0.78593","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5839"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5839"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16xh-7w1r-hba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105830?format=json","vulnerability_id":"VCID-17qe-nccb-sfag","summary":"In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16220","reference_id":"","reference_type":"","scores":[{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74755","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543","reference_id":"939543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135360?format=json","purl":"pkg:deb/debian/wordpress@5.2.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17qe-nccb-sfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105889?format=json","vulnerability_id":"VCID-18bd-u7wq-u3bt","summary":"WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API `create_item_permissions_check()` method in the comments controller did not verify that the authenticated user has `edit_post` permission on the target post when creating a note. This makes it possible for authenticated attackers with Subscriber-level access to create notes on any post, including posts authored by other users, private posts, and posts in any status.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131148","reference_id":"1131148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-3906"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18bd-u7wq-u3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105838?format=json","vulnerability_id":"VCID-19ps-rfnj-ebc2","summary":"In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17671","reference_id":"","reference_type":"","scores":[{"value":"0.72902","scoring_system":"epss","scoring_elements":"0.988","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17671"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459","reference_id":"942459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459"},{"reference_url":"https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/","reference_id":"CVE-2019-17671","reference_type":"exploit","scores":[],"url":"https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47690.md","reference_id":"CVE-2019-17671","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47690.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135362?format=json","purl":"pkg:deb/debian/wordpress@5.2.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17671"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19ps-rfnj-ebc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105761?format=json","vulnerability_id":"VCID-1a4f-z6ee-ybbb","summary":"Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5834","reference_id":"","reference_type":"","scores":[{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79396","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5834"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5834"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1a4f-z6ee-ybbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105760?format=json","vulnerability_id":"VCID-1a8p-u6dd-byde","summary":"Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5833","reference_id":"","reference_type":"","scores":[{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79396","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5833"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5833"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1a8p-u6dd-byde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105779?format=json","vulnerability_id":"VCID-1ckk-y6u5-2bg7","summary":"Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14723","reference_id":"","reference_type":"","scores":[{"value":"0.10428","scoring_system":"epss","scoring_elements":"0.93354","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14723"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14723"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ckk-y6u5-2bg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105692?format=json","vulnerability_id":"VCID-1eqs-7c98-7uer","summary":"WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3385","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71687","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3385"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721","reference_id":"680721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135288?format=json","purl":"pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1eqs-7c98-7uer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105887?format=json","vulnerability_id":"VCID-1jjh-thmp-8qd6","summary":"Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047","reference_id":"1117047","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135381?format=json","purl":"pkg:deb/debian/wordpress@5.7.14%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.14%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135388?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-58246"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jjh-thmp-8qd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105735?format=json","vulnerability_id":"VCID-1nv4-xsxn-rqfm","summary":"wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9038","reference_id":"","reference_type":"","scores":[{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79543","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9038"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nv4-xsxn-rqfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105568?format=json","vulnerability_id":"VCID-1v7f-uxzy-mba8","summary":"SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1012","reference_id":"","reference_type":"","scores":[{"value":"0.01865","scoring_system":"epss","scoring_elements":"0.83424","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1012"},{"reference_url":"https://security.gentoo.org/glsa/200603-01","reference_id":"GLSA-200603-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200603-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135243?format=json","purl":"pkg:deb/debian/wordpress@2.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-1012"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v7f-uxzy-mba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105687?format=json","vulnerability_id":"VCID-2144-8hvk-jfcq","summary":"wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2402","reference_id":"","reference_type":"","scores":[{"value":"0.01272","scoring_system":"epss","scoring_elements":"0.79863","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124","reference_id":"670124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135287?format=json","purl":"pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2402"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2144-8hvk-jfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105573?format=json","vulnerability_id":"VCID-25sp-rgps-43ck","summary":"Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2667","reference_id":"","reference_type":"","scores":[{"value":"0.32191","scoring_system":"epss","scoring_elements":"0.96924","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2667"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369014","reference_id":"369014","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369014"},{"reference_url":"https://security.gentoo.org/glsa/200606-08","reference_id":"GLSA-200606-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-08"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/6.php","reference_id":"OSVDB-25777;CVE-2006-2667","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/6.php"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135246?format=json","purl":"pkg:deb/debian/wordpress@2.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-2667"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25sp-rgps-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105725?format=json","vulnerability_id":"VCID-2aq8-35ze-mfb2","summary":"The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5265","reference_id":"","reference_type":"","scores":[{"value":"0.07017","scoring_system":"epss","scoring_elements":"0.91626","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5267"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312","reference_id":"757312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135298?format=json","purl":"pkg:deb/debian/wordpress@3.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5265"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2aq8-35ze-mfb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105859?format=json","vulnerability_id":"VCID-2brj-ncs1-y7du","summary":"Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29447","reference_id":"","reference_type":"","scores":[{"value":"0.89975","scoring_system":"epss","scoring_elements":"0.99597","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29447"},{"reference_url":"https://security.archlinux.org/AVG-1831","reference_id":"AVG-1831","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1831"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50304.sh","reference_id":"CVE-2021-29447","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50304.sh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135367?format=json","purl":"pkg:deb/debian/wordpress@5.7.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29447"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2brj-ncs1-y7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3917?format=json","vulnerability_id":"VCID-2d1x-n1xx-abdy","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28040","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.5414","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28040"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d1x-n1xx-abdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105737?format=json","vulnerability_id":"VCID-2dfn-gmsk-nfdc","summary":"SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2213","reference_id":"","reference_type":"","scores":[{"value":"0.21244","scoring_system":"epss","scoring_elements":"0.95784","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560","reference_id":"794560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135300?format=json","purl":"pkg:deb/debian/wordpress@4.2.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2213"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dfn-gmsk-nfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105854?format=json","vulnerability_id":"VCID-2jjz-wjg4-abf6","summary":"In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4046","reference_id":"","reference_type":"","scores":[{"value":"0.06854","scoring_system":"epss","scoring_elements":"0.91521","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4046"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685","reference_id":"962685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135365?format=json","purl":"pkg:deb/debian/wordpress@5.4.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-4046"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jjz-wjg4-abf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105631?format=json","vulnerability_id":"VCID-2n8h-ct3t-s3h2","summary":"The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with \"admin\" to obtain administrator privileges, aka a \"cryptographic splicing\" issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1930","reference_id":"","reference_type":"","scores":[{"value":"0.07505","scoring_system":"epss","scoring_elements":"0.91938","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1930"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477910","reference_id":"477910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135266?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-1930"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n8h-ct3t-s3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105579?format=json","vulnerability_id":"VCID-2p4t-hy4a-xkc9","summary":"WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages.  NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4743","reference_id":"","reference_type":"","scores":[{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75332","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135250?format=json","purl":"pkg:deb/debian/wordpress@2.0.5-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.5-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-4743"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p4t-hy4a-xkc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105812?format=json","vulnerability_id":"VCID-2ymb-ujfy-bqac","summary":"Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10101","reference_id":"","reference_type":"","scores":[{"value":"0.09391","scoring_system":"epss","scoring_elements":"0.92938","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10101"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034","reference_id":"895034","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135345?format=json","purl":"pkg:deb/debian/wordpress@4.9.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10101"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ymb-ujfy-bqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105875?format=json","vulnerability_id":"VCID-2ynn-67cx-1bax","summary":"WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036296","reference_id":"1036296","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036296"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52274.py","reference_id":"CVE-2023-2745","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52274.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135376?format=json","purl":"pkg:deb/debian/wordpress@6.1.6%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.6%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135377?format=json","purl":"pkg:deb/debian/wordpress@6.2.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.2.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-2745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ynn-67cx-1bax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105775?format=json","vulnerability_id":"VCID-2yqy-vpeh-z3ev","summary":"Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14719","reference_id":"","reference_type":"","scores":[{"value":"0.50739","scoring_system":"epss","scoring_elements":"0.97905","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14719"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2yqy-vpeh-z3ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105863?format=json","vulnerability_id":"VCID-2zbw-qshq-bfga","summary":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39203","reference_id":"","reference_type":"","scores":[{"value":"0.01232","scoring_system":"epss","scoring_elements":"0.79517","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39203"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-39203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zbw-qshq-bfga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105638?format=json","vulnerability_id":"VCID-36c8-kx2a-fkbh","summary":"Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4671","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74618","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4671"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32444.txt","reference_id":"CVE-2008-4671;OSVDB-48635","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32444.txt"},{"reference_url":"https://www.securityfocus.com/bid/31482/info","reference_id":"CVE-2008-4671;OSVDB-48635","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/31482/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-4671"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36c8-kx2a-fkbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105649?format=json","vulnerability_id":"VCID-371k-yqab-s7a3","summary":"WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2432.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2432.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2432","reference_id":"","reference_type":"","scores":[{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.78093","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2432"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745","reference_id":"510745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537146","reference_id":"537146","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2432"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-371k-yqab-s7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105592?format=json","vulnerability_id":"VCID-3b6q-vue2-rkhc","summary":"WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0541","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80072","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0541"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135252?format=json","purl":"pkg:deb/debian/wordpress@2.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0541"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3b6q-vue2-rkhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105679?format=json","vulnerability_id":"VCID-3erj-ug32-1fa4","summary":"The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4957","reference_id":"","reference_type":"","scores":[{"value":"0.02802","scoring_system":"epss","scoring_elements":"0.86388","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4957"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-4957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3erj-ug32-1fa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105739?format=json","vulnerability_id":"VCID-3ntn-sayw-3ufc","summary":"Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3438","reference_id":"","reference_type":"","scores":[{"value":"0.01607","scoring_system":"epss","scoring_elements":"0.8208","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3440"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347","reference_id":"783347","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135302?format=json","purl":"pkg:deb/debian/wordpress@4.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3438"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ntn-sayw-3ufc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105874?format=json","vulnerability_id":"VCID-3q21-rz95-33hy","summary":"WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes \"the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner,\" but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22622","reference_id":"","reference_type":"","scores":[{"value":"0.08419","scoring_system":"epss","scoring_elements":"0.92476","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22622"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-22622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q21-rz95-33hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105578?format=json","vulnerability_id":"VCID-3qd8-e4vj-5baa","summary":"Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4208","reference_id":"","reference_type":"","scores":[{"value":"0.27172","scoring_system":"epss","scoring_elements":"0.96482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4208"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384800","reference_id":"384800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384800"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/28382.txt","reference_id":"CVE-2006-4208;OSVDB-27979","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/28382.txt"},{"reference_url":"https://www.securityfocus.com/bid/19504/info","reference_id":"CVE-2006-4208;OSVDB-27979","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/19504/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135250?format=json","purl":"pkg:deb/debian/wordpress@2.0.5-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.5-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-4208"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qd8-e4vj-5baa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105715?format=json","vulnerability_id":"VCID-3rmm-42vm-hbgh","summary":"wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4340","reference_id":"","reference_type":"","scores":[{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77066","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537","reference_id":"722537","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135295?format=json","purl":"pkg:deb/debian/wordpress@3.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4340"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rmm-42vm-hbgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105848?format=json","vulnerability_id":"VCID-3rqn-c28j-3kf7","summary":"In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11026","reference_id":"","reference_type":"","scores":[{"value":"0.0441","scoring_system":"epss","scoring_elements":"0.892","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391","reference_id":"959391","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135364?format=json","purl":"pkg:deb/debian/wordpress@5.4.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-11026"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rqn-c28j-3kf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105771?format=json","vulnerability_id":"VCID-3srm-2c94-3ba2","summary":"WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9263","reference_id":"","reference_type":"","scores":[{"value":"0.01241","scoring_system":"epss","scoring_elements":"0.79599","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9263"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135313?format=json","purl":"pkg:deb/debian/wordpress@4.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-9263"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3srm-2c94-3ba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105633?format=json","vulnerability_id":"VCID-3xr2-pc32-c7hx","summary":"wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2146","reference_id":"","reference_type":"","scores":[{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69364","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135260?format=json","purl":"pkg:deb/debian/wordpress@2.2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-2146"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xr2-pc32-c7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105773?format=json","vulnerability_id":"VCID-43dd-pzfc-t7ad","summary":"The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1001000","reference_id":"","reference_type":"","scores":[{"value":"0.78934","scoring_system":"epss","scoring_elements":"0.99077","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1001000"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135315?format=json","purl":"pkg:deb/debian/wordpress@4.7.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-1001000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43dd-pzfc-t7ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105768?format=json","vulnerability_id":"VCID-44dc-pe8q-d7gr","summary":"Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6635","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52561","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135310?format=json","purl":"pkg:deb/debian/wordpress@4.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6635"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44dc-pe8q-d7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105668?format=json","vulnerability_id":"VCID-44nk-vcrk-jbe9","summary":"A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1762","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61974","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1762"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1762"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44nk-vcrk-jbe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54425?format=json","vulnerability_id":"VCID-45r4-tvap-93hq","summary":"Deserialization of Untrusted Data\nRequests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.","references":[{"reference_url":"https://2018.zeronights.ru/wp-content/uploads/materials/9%20ZN2018%20WV%20-%20PHP%20unserialize.pdf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://2018.zeronights.ru/wp-content/uploads/materials/9%20ZN2018%20WV%20-%20PHP%20unserialize.pdf"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29476","reference_id":"","reference_type":"","scores":[{"value":"0.02219","scoring_system":"epss","scoring_elements":"0.84792","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29476"},{"reference_url":"https://blog.detectify.com/2019/07/23/improving-wordpress-plugin-security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.detectify.com/2019/07/23/improving-wordpress-plugin-security"},{"reference_url":"https://blog.detectify.com/2019/07/23/improving-wordpress-plugin-security/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.detectify.com/2019/07/23/improving-wordpress-plugin-security/"},{"reference_url":"https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It%27s-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It%27s-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf"},{"reference_url":"https://dannewitz.ninja/posts/php-unserialize-object-injection-yet-another-stars-rating-wordpress","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dannewitz.ninja/posts/php-unserialize-object-injection-yet-another-stars-rating-wordpress"},{"reference_url":"https://github.com/ambionics/phpggc/issues/52","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ambionics/phpggc/issues/52"},{"reference_url":"https://github.com/rmccue/Requests/pull/421","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rmccue/Requests/pull/421"},{"reference_url":"https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3"},{"reference_url":"https://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-Its-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-Its-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf"},{"reference_url":"https://medium.com/@knownsec404team/extend-the-attack-surface-of-php-deserialization-vulnerability-via-phar-d6455c6a1066#3c0f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@knownsec404team/extend-the-attack-surface-of-php-deserialization-vulnerability-via-phar-d6455c6a1066#3c0f"},{"reference_url":"https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release"},{"reference_url":"https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/","reference_id":"","reference_type":"","scores":[],"url":"https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29476","reference_id":"CVE-2021-29476","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29476"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/rmccue/requests/CVE-2021-29476.yaml","reference_id":"CVE-2021-29476.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/rmccue/requests/CVE-2021-29476.yaml"},{"reference_url":"https://github.com/advisories/GHSA-52qp-jpq7-6c54","reference_id":"GHSA-52qp-jpq7-6c54","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-52qp-jpq7-6c54"},{"reference_url":"https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54","reference_id":"GHSA-52qp-jpq7-6c54","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29476","GHSA-52qp-jpq7-6c54"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45r4-tvap-93hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105781?format=json","vulnerability_id":"VCID-46vm-86cp-5bd9","summary":"Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14724","reference_id":"","reference_type":"","scores":[{"value":"0.07679","scoring_system":"epss","scoring_elements":"0.92048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14724"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14724"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46vm-86cp-5bd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105643?format=json","vulnerability_id":"VCID-49mv-dy6e-xkbr","summary":"Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6762","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52445","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531736","reference_id":"531736","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-6762"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49mv-dy6e-xkbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43722?format=json","vulnerability_id":"VCID-4amd-2pjn-3bgm","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.","references":[{"reference_url":"http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115"},{"reference_url":"http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172"},{"reference_url":"http://docs.moodle.org/en/Moodle_1.8.13_release_notes","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.moodle.org/en/Moodle_1.8.13_release_notes"},{"reference_url":"http://docs.moodle.org/en/Moodle_1.9.9_release_notes","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.moodle.org/en/Moodle_1.9.9_release_notes"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"},{"reference_url":"http://moodle.org/mod/forum/discuss.php?d=152368","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://moodle.org/mod/forum/discuss.php?d=152368"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2230","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.6078","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2230"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=605809","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=605809"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/704c5dfed4f4531b6d74d19cfad573984e74885e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/704c5dfed4f4531b6d74d19cfad573984e74885e"},{"reference_url":"https://web.archive.org/web/20100621005117/http://secunia.com/advisories/40248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100621005117/http://secunia.com/advisories/40248"},{"reference_url":"https://web.archive.org/web/20100711044720/http://secunia.com/advisories/40352","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100711044720/http://secunia.com/advisories/40352"},{"reference_url":"http://tracker.moodle.org/browse/MDL-22042","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tracker.moodle.org/browse/MDL-22042"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/06/21/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2010/06/21/2"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2010/1530"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1571","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2010/1571"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2230","reference_id":"CVE-2010-2230","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2230"},{"reference_url":"https://github.com/advisories/GHSA-3gm8-32vv-q8mp","reference_id":"GHSA-3gm8-32vv-q8mp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gm8-32vv-q8mp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135280?format=json","purl":"pkg:deb/debian/wordpress@3.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-2230","GHSA-3gm8-32vv-q8mp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4amd-2pjn-3bgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105667?format=json","vulnerability_id":"VCID-4cxp-emaj-kqft","summary":"wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0701","reference_id":"","reference_type":"","scores":[{"value":"0.01555","scoring_system":"epss","scoring_elements":"0.81767","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0701"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135284?format=json","purl":"pkg:deb/debian/wordpress@3.0.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0701"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxp-emaj-kqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105584?format=json","vulnerability_id":"VCID-4dnk-cds8-mqff","summary":"Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.  NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6808","reference_id":"","reference_type":"","scores":[{"value":"0.03483","scoring_system":"epss","scoring_elements":"0.87791","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6808"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405299","reference_id":"405299","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405299"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29356.txt","reference_id":"CVE-2006-6808;OSVDB-31578","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29356.txt"},{"reference_url":"https://www.securityfocus.com/bid/21782/info","reference_id":"CVE-2006-6808;OSVDB-31578","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/21782/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135251?format=json","purl":"pkg:deb/debian/wordpress@2.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-6808"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dnk-cds8-mqff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105852?format=json","vulnerability_id":"VCID-4fxg-z4ve-tug6","summary":"In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11030","reference_id":"","reference_type":"","scores":[{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77743","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11030"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391","reference_id":"959391","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135364?format=json","purl":"pkg:deb/debian/wordpress@5.4.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-11030"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fxg-z4ve-tug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6657?format=json","vulnerability_id":"VCID-4j2n-v8e2-n3d6","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5492","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67715","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310","reference_id":"851310","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310"},{"reference_url":"https://security.archlinux.org/ASA-201701-22","reference_id":"ASA-201701-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-22"},{"reference_url":"https://security.archlinux.org/AVG-142","reference_id":"AVG-142","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135334?format=json","purl":"pkg:deb/debian/wordpress@4.7.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5492"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4j2n-v8e2-n3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105772?format=json","vulnerability_id":"VCID-4jwg-pg54-d7hr","summary":"WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000600","reference_id":"","reference_type":"","scores":[{"value":"0.19822","scoring_system":"epss","scoring_elements":"0.95567","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135314?format=json","purl":"pkg:deb/debian/wordpress@4.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-1000600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4jwg-pg54-d7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105727?format=json","vulnerability_id":"VCID-4ksq-sckd-pfep","summary":"WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6412","reference_id":"","reference_type":"","scores":[{"value":"0.02444","scoring_system":"epss","scoring_elements":"0.85461","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6412"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-6412"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ksq-sckd-pfep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105858?format=json","vulnerability_id":"VCID-4nvv-b487-y7e4","summary":"In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4050","reference_id":"","reference_type":"","scores":[{"value":"0.02416","scoring_system":"epss","scoring_elements":"0.85391","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4050"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685","reference_id":"962685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135365?format=json","purl":"pkg:deb/debian/wordpress@5.4.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-4050"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nvv-b487-y7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105736?format=json","vulnerability_id":"VCID-4qgz-r538-tue6","summary":"wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9039","reference_id":"","reference_type":"","scores":[{"value":"0.01681","scoring_system":"epss","scoring_elements":"0.82521","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9039"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qgz-r538-tue6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105829?format=json","vulnerability_id":"VCID-4rsg-tmp9-q3hp","summary":"WordPress before 5.2.3 allows XSS in shortcode previews.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16219","reference_id":"","reference_type":"","scores":[{"value":"0.04685","scoring_system":"epss","scoring_elements":"0.89527","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16219"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543","reference_id":"939543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135360?format=json","purl":"pkg:deb/debian/wordpress@5.2.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16219"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4rsg-tmp9-q3hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105698?format=json","vulnerability_id":"VCID-4s9z-8183-fyf4","summary":"Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6633","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60515","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6633"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135292?format=json","purl":"pkg:deb/debian/wordpress@3.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-6633"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4s9z-8183-fyf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43166?format=json","vulnerability_id":"VCID-4ukx-7rbm-ykeg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.","references":[{"reference_url":"http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1502.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1502","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78247","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1502"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41435","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41435"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://usn.ubuntu.com/658-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/658-1"},{"reference_url":"https://usn.ubuntu.com/658-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/658-1/"},{"reference_url":"https://web.archive.org/web/20080709031015/http://www.securityfocus.com/bid/28424","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080709031015/http://www.securityfocus.com/bid/28424"},{"reference_url":"https://web.archive.org/web/20080828131802/http://secunia.com/advisories/31017","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080828131802/http://secunia.com/advisories/31017"},{"reference_url":"https://web.archive.org/web/20080905011948/http://secunia.com/advisories/31018","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080905011948/http://secunia.com/advisories/31018"},{"reference_url":"https://web.archive.org/web/20081011001554/http://secunia.com/advisories/31167","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081011001554/http://secunia.com/advisories/31167"},{"reference_url":"https://web.archive.org/web/20081025081058/http://secunia.com/advisories/32400","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081025081058/http://secunia.com/advisories/32400"},{"reference_url":"https://web.archive.org/web/20081028073531/http://secunia.com/advisories/32446","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081028073531/http://secunia.com/advisories/32446"},{"reference_url":"https://web.archive.org/web/20090129193143/http://secunia.com/advisories/30986","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090129193143/http://secunia.com/advisories/30986"},{"reference_url":"https://web.archive.org/web/20100819022833/http://secunia.com/advisories/30073","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100819022833/http://secunia.com/advisories/30073"},{"reference_url":"https://web.archive.org/web/20120719035305/http://secunia.com/advisories/29491","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120719035305/http://secunia.com/advisories/29491"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1691","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1691"},{"reference_url":"http://www.debian.org/security/2009/dsa-1871","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1871"},{"reference_url":"http://www.egroupware.org/changelog","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.egroupware.org/changelog"},{"reference_url":"http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110"},{"reference_url":"http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2008/07/08/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2008/07/08/14"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=454246","reference_id":"454246","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=454246"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504243","reference_id":"504243","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504243"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1502","reference_id":"CVE-2008-1502","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1502"},{"reference_url":"https://github.com/advisories/GHSA-v759-3wr5-p294","reference_id":"GHSA-v759-3wr5-p294","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v759-3wr5-p294"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135262?format=json","purl":"pkg:deb/debian/wordpress@2.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-1502","GHSA-v759-3wr5-p294"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ukx-7rbm-ykeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105678?format=json","vulnerability_id":"VCID-4wzq-x178-3yhc","summary":"Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4956","reference_id":"","reference_type":"","scores":[{"value":"0.00791","scoring_system":"epss","scoring_elements":"0.74251","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4956"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-4956"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wzq-x178-3yhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105720?format=json","vulnerability_id":"VCID-531v-haqq-1ydn","summary":"The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0166","reference_id":"","reference_type":"","scores":[{"value":"0.3531","scoring_system":"epss","scoring_elements":"0.97137","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018","reference_id":"744018","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135297?format=json","purl":"pkg:deb/debian/wordpress@3.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0166"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-531v-haqq-1ydn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105857?format=json","vulnerability_id":"VCID-549h-mzq2-zffe","summary":"In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4049","reference_id":"","reference_type":"","scores":[{"value":"0.05886","scoring_system":"epss","scoring_elements":"0.90747","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4049"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685","reference_id":"962685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135365?format=json","purl":"pkg:deb/debian/wordpress@5.4.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-4049"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-549h-mzq2-zffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105550?format=json","vulnerability_id":"VCID-57g5-v9b6-myax","summary":"CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1584","reference_id":"","reference_type":"","scores":[{"value":"0.16","scoring_system":"epss","scoring_elements":"0.94892","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1584"},{"reference_url":"https://security.gentoo.org/glsa/200410-12","reference_id":"GLSA-200410-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200410-12"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/570.txt","reference_id":"OSVDB-10595;CVE-2004-1584","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/570.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135234?format=json","purl":"pkg:deb/debian/wordpress@1.2.1-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.2.1-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2004-1584"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57g5-v9b6-myax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105803?format=json","vulnerability_id":"VCID-58c8-14q3-pbc5","summary":"WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8295","reference_id":"","reference_type":"","scores":[{"value":"0.77097","scoring_system":"epss","scoring_elements":"0.98986","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862053","reference_id":"862053","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862053"},{"reference_url":"https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html","reference_id":"CVE-2017-8295","reference_type":"exploit","scores":[],"url":"https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41963.txt","reference_id":"CVE-2017-8295","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41963.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135341?format=json","purl":"pkg:deb/debian/wordpress@4.7.5%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.5%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8295"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58c8-14q3-pbc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58877?format=json","vulnerability_id":"VCID-58kk-nrpx-m3h5","summary":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220","reference_id":"","reference_type":"","scores":[{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93198","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277","reference_id":"523277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242","reference_id":"555242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244","reference_id":"555244","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259","reference_id":"555259","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266","reference_id":"555266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135275?format=json","purl":"pkg:deb/debian/wordpress@2.5.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-7220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58kk-nrpx-m3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105855?format=json","vulnerability_id":"VCID-59vn-wwep-jkhj","summary":"In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4047","reference_id":"","reference_type":"","scores":[{"value":"0.05566","scoring_system":"epss","scoring_elements":"0.90443","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4047"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685","reference_id":"962685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135365?format=json","purl":"pkg:deb/debian/wordpress@5.4.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-4047"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59vn-wwep-jkhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105785?format=json","vulnerability_id":"VCID-5eer-y812-dydv","summary":"WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a \"double prepare\" approach, a different vulnerability than CVE-2017-14723.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16510","reference_id":"","reference_type":"","scores":[{"value":"0.04169","scoring_system":"epss","scoring_elements":"0.8888","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16510"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880528","reference_id":"880528","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135330?format=json","purl":"pkg:deb/debian/wordpress@4.8.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16510"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5eer-y812-dydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105836?format=json","vulnerability_id":"VCID-5fxz-g788-s7e9","summary":"WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17669","reference_id":"","reference_type":"","scores":[{"value":"0.08377","scoring_system":"epss","scoring_elements":"0.92454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17669"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459","reference_id":"942459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135362?format=json","purl":"pkg:deb/debian/wordpress@5.2.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17669"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fxz-g788-s7e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105596?format=json","vulnerability_id":"VCID-5k1h-x44y-gqdf","summary":"WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1277","reference_id":"","reference_type":"","scores":[{"value":"0.84865","scoring_system":"epss","scoring_elements":"0.9936","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1277"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29701.txt","reference_id":"CVE-2007-1277;OSVDB-33908","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29701.txt"},{"reference_url":"https://www.securityfocus.com/bid/22797/info","reference_id":"CVE-2007-1277;OSVDB-33908","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/22797/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29702.txt","reference_id":"CVE-2007-1277;OSVDB-33909","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29702.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1277"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5k1h-x44y-gqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105759?format=json","vulnerability_id":"VCID-5pup-kgdy-7qgr","summary":"The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5832","reference_id":"","reference_type":"","scores":[{"value":"0.01929","scoring_system":"epss","scoring_elements":"0.83714","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5832"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5832"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pup-kgdy-7qgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105590?format=json","vulnerability_id":"VCID-5qar-m5qq-ryg7","summary":"The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0539","reference_id":"","reference_type":"","scores":[{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.8061","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0539"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135252?format=json","purl":"pkg:deb/debian/wordpress@2.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0539"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qar-m5qq-ryg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58851?format=json","vulnerability_id":"VCID-5vzn-5rbf-e3hb","summary":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49749","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=539592","reference_id":"539592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=539592"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-2383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vzn-5rbf-e3hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105591?format=json","vulnerability_id":"VCID-61jm-kw39-13f8","summary":"WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0540","reference_id":"","reference_type":"","scores":[{"value":"0.0776","scoring_system":"epss","scoring_elements":"0.92092","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0540"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29522.py","reference_id":"CVE-2007-0540;OSVDB-33006","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29522.py"},{"reference_url":"https://www.securityfocus.com/bid/22220/info","reference_id":"CVE-2007-0540;OSVDB-33006","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/22220/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135252?format=json","purl":"pkg:deb/debian/wordpress@2.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0540"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61jm-kw39-13f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105556?format=json","vulnerability_id":"VCID-62z6-e7yx-mybr","summary":"SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2108","reference_id":"","reference_type":"","scores":[{"value":"0.01061","scoring_system":"epss","scoring_elements":"0.77986","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2108"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402","reference_id":"316402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402"},{"reference_url":"http://gulftech.org/advisories/WordPress%20Multiple%20Vulnerabilities/78","reference_id":"OSVDB-17637;CVE-2005-2108;GTSA-00078","reference_type":"exploit","scores":[],"url":"http://gulftech.org/advisories/WordPress%20Multiple%20Vulnerabilities/78"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/1077.pl","reference_id":"OSVDB-17637;CVE-2005-2108;GTSA-00078","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/1077.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135237?format=json","purl":"pkg:deb/debian/wordpress@1.5.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2108"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62z6-e7yx-mybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105627?format=json","vulnerability_id":"VCID-6681-gqsc-3fca","summary":"WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0195","reference_id":"","reference_type":"","scores":[{"value":"0.02394","scoring_system":"epss","scoring_elements":"0.85323","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0195"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135252?format=json","purl":"pkg:deb/debian/wordpress@2.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-0195"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6681-gqsc-3fca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105726?format=json","vulnerability_id":"VCID-6877-zgq5-f3fm","summary":"The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5266","reference_id":"","reference_type":"","scores":[{"value":"0.76306","scoring_system":"epss","scoring_elements":"0.98951","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5267"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312","reference_id":"757312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135298?format=json","purl":"pkg:deb/debian/wordpress@3.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5266"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6877-zgq5-f3fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105865?format=json","vulnerability_id":"VCID-69ua-dy2s-vbhg","summary":"WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21661","reference_id":"","reference_type":"","scores":[{"value":"0.90365","scoring_system":"epss","scoring_elements":"0.9962","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21661"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243","reference_id":"1003243","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50663.txt","reference_id":"CVE-2022-21661","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50663.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135372?format=json","purl":"pkg:deb/debian/wordpress@5.7.5%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.5%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135371?format=json","purl":"pkg:deb/debian/wordpress@5.8.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.8.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-21661"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69ua-dy2s-vbhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105762?format=json","vulnerability_id":"VCID-6cgd-3gdj-hua6","summary":"WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5835","reference_id":"","reference_type":"","scores":[{"value":"0.01938","scoring_system":"epss","scoring_elements":"0.83742","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5835"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cgd-3gdj-hua6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105586?format=json","vulnerability_id":"VCID-6d84-ff48-vbbd","summary":"WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0107","reference_id":"","reference_type":"","scores":[{"value":"0.06942","scoring_system":"epss","scoring_elements":"0.91578","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0107"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405691","reference_id":"405691","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405691"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3095.py","reference_id":"CVE-2007-0107","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3095.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135251?format=json","purl":"pkg:deb/debian/wordpress@2.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0107"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d84-ff48-vbbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105754?format=json","vulnerability_id":"VCID-6qrr-7egy-v7gh","summary":"Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1564","reference_id":"","reference_type":"","scores":[{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.718","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810325","reference_id":"810325","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810325"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135308?format=json","purl":"pkg:deb/debian/wordpress@4.4.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.4.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-1564"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qrr-7egy-v7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105824?format=json","vulnerability_id":"VCID-6u8g-8x7f-b7bb","summary":"In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20153","reference_id":"","reference_type":"","scores":[{"value":"0.05377","scoring_system":"epss","scoring_elements":"0.90264","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20153"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403","reference_id":"916403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20153"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6u8g-8x7f-b7bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105686?format=json","vulnerability_id":"VCID-738u-cxhs-zbfr","summary":"Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2401","reference_id":"","reference_type":"","scores":[{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77836","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2401"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124","reference_id":"670124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135287?format=json","purl":"pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2401"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-738u-cxhs-zbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105639?format=json","vulnerability_id":"VCID-75cq-zqh4-g7ap","summary":"Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php.  NOTE: some of these details are obtained from third party information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4769","reference_id":"","reference_type":"","scores":[{"value":"0.1766","scoring_system":"epss","scoring_elements":"0.95229","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4769"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/31670.txt","reference_id":"CVE-2008-4769;OSVDB-44591","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/31670.txt"},{"reference_url":"https://www.securityfocus.com/bid/28845/info","reference_id":"CVE-2008-4769;OSVDB-44591","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/28845/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135266?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-4769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75cq-zqh4-g7ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105594?format=json","vulnerability_id":"VCID-7bak-34p6-r7cb","summary":"Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1230","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69317","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1230"},{"reference_url":"https://security.gentoo.org/glsa/200703-23","reference_id":"GLSA-200703-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135255?format=json","purl":"pkg:deb/debian/wordpress@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1230"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bak-34p6-r7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105681?format=json","vulnerability_id":"VCID-7cpj-u8fy-gbaw","summary":"Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the \"Duplicate comment detected\" feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0287","reference_id":"","reference_type":"","scores":[{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69866","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0287"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135286?format=json","purl":"pkg:deb/debian/wordpress@3.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-0287"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cpj-u8fy-gbaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105757?format=json","vulnerability_id":"VCID-7g6e-71z5-2qbw","summary":"WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4029","reference_id":"","reference_type":"","scores":[{"value":"0.01427","scoring_system":"epss","scoring_elements":"0.80971","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135310?format=json","purl":"pkg:deb/debian/wordpress@4.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4029"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7g6e-71z5-2qbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105729?format=json","vulnerability_id":"VCID-7jam-5u4u-3qfz","summary":"Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9032","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.6224","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9032"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9032"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jam-5u4u-3qfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105560?format=json","vulnerability_id":"VCID-7pmj-gjrc-h7cx","summary":"WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a \"1\" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message.  NOTE: vector [1] was later reported to also affect WordPress 2.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2110","reference_id":"","reference_type":"","scores":[{"value":"0.01227","scoring_system":"epss","scoring_elements":"0.79483","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402","reference_id":"316402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135237?format=json","purl":"pkg:deb/debian/wordpress@1.5.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2110"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pmj-gjrc-h7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105630?format=json","vulnerability_id":"VCID-7t4p-r6yf-9kej","summary":"Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1304.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1304","reference_id":"","reference_type":"","scores":[{"value":"0.02215","scoring_system":"epss","scoring_elements":"0.84781","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1304"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=437754","reference_id":"437754","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=437754"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/31356.txt","reference_id":"CVE-2008-1304;OSVDB-43402","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/31356.txt"},{"reference_url":"https://www.securityfocus.com/bid/28139/info","reference_id":"CVE-2008-1304;OSVDB-43402","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/28139/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/31357.txt","reference_id":"CVE-2008-1304;OSVDB-43403","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/31357.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-1304"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7t4p-r6yf-9kej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105672?format=json","vulnerability_id":"VCID-7vy6-vvba-aba5","summary":"WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3127","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49935","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3127"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vy6-vvba-aba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105702?format=json","vulnerability_id":"VCID-7zd6-2rak-dqgs","summary":"The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0235","reference_id":"","reference_type":"","scores":[{"value":"0.5836","scoring_system":"epss","scoring_elements":"0.98231","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0235"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698916","reference_id":"698916","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135289?format=json","purl":"pkg:deb/debian/wordpress@3.5.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0235"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zd6-2rak-dqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105635?format=json","vulnerability_id":"VCID-83g1-a6gp-2khq","summary":"Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3233","reference_id":"","reference_type":"","scores":[{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64937","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3233"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32053.txt","reference_id":"CVE-2008-3233;OSVDB-47938","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32053.txt"},{"reference_url":"https://www.securityfocus.com/bid/30238/info","reference_id":"CVE-2008-3233;OSVDB-47938","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30238/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-3233"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83g1-a6gp-2khq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105647?format=json","vulnerability_id":"VCID-866z-53eu-3bhg","summary":"The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.  NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2336.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2336.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2336","reference_id":"","reference_type":"","scores":[{"value":"0.02303","scoring_system":"epss","scoring_elements":"0.8504","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745","reference_id":"510745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724","reference_id":"536724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2336"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-866z-53eu-3bhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97887?format=json","vulnerability_id":"VCID-86qc-4eay-nqh7","summary":"getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.","references":[{"reference_url":"http://getid3.sourceforge.net/source/changelog.txt","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://getid3.sourceforge.net/source/changelog.txt"},{"reference_url":"http://owncloud.org/about/security/advisories/oC-SA-2014-006","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://owncloud.org/about/security/advisories/oC-SA-2014-006"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2053","reference_id":"","reference_type":"","scores":[{"value":"0.03481","scoring_system":"epss","scoring_elements":"0.87788","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266"},{"reference_url":"http://secunia.com/advisories/58002","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58002"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/james-heinrich/getid3/CVE-2014-2053.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/james-heinrich/getid3/CVE-2014-2053.yaml"},{"reference_url":"https://github.com/JamesHeinrich/getID3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/JamesHeinrich/getID3"},{"reference_url":"https://github.com/JamesHeinrich/getID3/commit/afbdaa044a9a0a9dff2f800bd670e231b3ec99b2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/JamesHeinrich/getID3/commit/afbdaa044a9a0a9dff2f800bd670e231b3ec99b2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2053","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2053"},{"reference_url":"https://wordpress.org/news/2014/08/wordpress-3-9-2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wordpress.org/news/2014/08/wordpress-3-9-2"},{"reference_url":"http://www.debian.org/security/2014/dsa-3001","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-3001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312","reference_id":"757312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135298?format=json","purl":"pkg:deb/debian/wordpress@3.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-2053","GHSA-5v43-55m5-qr8f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86qc-4eay-nqh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105783?format=json","vulnerability_id":"VCID-87ak-rgyr-7qgd","summary":"Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14726","reference_id":"","reference_type":"","scores":[{"value":"0.05803","scoring_system":"epss","scoring_elements":"0.90675","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14726"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14726"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87ak-rgyr-7qgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105750?format=json","vulnerability_id":"VCID-8bsb-hgw9-nygc","summary":"Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5734","reference_id":"","reference_type":"","scores":[{"value":"0.03446","scoring_system":"epss","scoring_elements":"0.87715","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560","reference_id":"794560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135300?format=json","purl":"pkg:deb/debian/wordpress@4.2.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsb-hgw9-nygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105801?format=json","vulnerability_id":"VCID-8cej-dba9-8ufz","summary":"In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6818","reference_id":"","reference_type":"","scores":[{"value":"0.09282","scoring_system":"epss","scoring_elements":"0.92892","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6818"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026","reference_id":"857026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026"},{"reference_url":"https://security.archlinux.org/ASA-201703-14","reference_id":"ASA-201703-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-14"},{"reference_url":"https://security.archlinux.org/AVG-202","reference_id":"AVG-202","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135338?format=json","purl":"pkg:deb/debian/wordpress@4.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6818"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cej-dba9-8ufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105695?format=json","vulnerability_id":"VCID-8jmk-ufa4-1kew","summary":"wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4422","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47474","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4422"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135290?format=json","purl":"pkg:deb/debian/wordpress@3.4.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4422"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jmk-ufa4-1kew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105876?format=json","vulnerability_id":"VCID-8pee-u966-nkb4","summary":"Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135376?format=json","purl":"pkg:deb/debian/wordpress@6.1.6%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.6%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135379?format=json","purl":"pkg:deb/debian/wordpress@6.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-38000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8pee-u966-nkb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105656?format=json","vulnerability_id":"VCID-8tc1-1vv9-8qh7","summary":"Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3891","reference_id":"","reference_type":"","scores":[{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77778","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3891"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135278?format=json","purl":"pkg:deb/debian/wordpress@2.8.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3891"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tc1-1vv9-8qh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105811?format=json","vulnerability_id":"VCID-8v6f-3sja-ukf3","summary":"Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10100","reference_id":"","reference_type":"","scores":[{"value":"0.06599","scoring_system":"epss","scoring_elements":"0.91339","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10100"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034","reference_id":"895034","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135345?format=json","purl":"pkg:deb/debian/wordpress@4.9.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10100"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8v6f-3sja-ukf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105670?format=json","vulnerability_id":"VCID-8w4w-k8de-mqer","summary":"Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to \"Various security hardening.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3125","reference_id":"","reference_type":"","scores":[{"value":"0.01125","scoring_system":"epss","scoring_elements":"0.78616","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8w4w-k8de-mqer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105622?format=json","vulnerability_id":"VCID-8ztu-2wv7-x3dj","summary":"SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a \"\\\" in a multibyte character.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6318.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6318","reference_id":"","reference_type":"","scores":[{"value":"0.03532","scoring_system":"epss","scoring_elements":"0.87873","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6318"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=421141","reference_id":"421141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=421141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459305","reference_id":"459305","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459305"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/4721.txt","reference_id":"OSVDB-39552;CVE-2007-6318","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/4721.txt"},{"reference_url":"http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt","reference_id":"OSVDB-39552;CVE-2007-6318","reference_type":"exploit","scores":[],"url":"http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135263?format=json","purl":"pkg:deb/debian/wordpress@2.3.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.3.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-6318"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ztu-2wv7-x3dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105675?format=json","vulnerability_id":"VCID-91dt-tbdt-w3fs","summary":"wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to \"Taxonomy query hardening,\" possibly involving SQL injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3130","reference_id":"","reference_type":"","scores":[{"value":"0.0052","scoring_system":"epss","scoring_elements":"0.67169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3130"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3130"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91dt-tbdt-w3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105797?format=json","vulnerability_id":"VCID-9495-a8zg-u3fj","summary":"In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6814","reference_id":"","reference_type":"","scores":[{"value":"0.02424","scoring_system":"epss","scoring_elements":"0.85415","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6814"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026","reference_id":"857026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026"},{"reference_url":"https://security.archlinux.org/ASA-201703-14","reference_id":"ASA-201703-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-14"},{"reference_url":"https://security.archlinux.org/AVG-202","reference_id":"AVG-202","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135338?format=json","purl":"pkg:deb/debian/wordpress@4.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6814"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9495-a8zg-u3fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105587?format=json","vulnerability_id":"VCID-9662-t6bc-zqbp","summary":"wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0109","reference_id":"","reference_type":"","scores":[{"value":"0.01387","scoring_system":"epss","scoring_elements":"0.80669","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0109"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135251?format=json","purl":"pkg:deb/debian/wordpress@2.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0109"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9662-t6bc-zqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105884?format=json","vulnerability_id":"VCID-98z7-p6b5-sqgz","summary":"WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069091","reference_id":"1069091","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135386?format=json","purl":"pkg:deb/debian/wordpress@6.5.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.5.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-4439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98z7-p6b5-sqgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105625?format=json","vulnerability_id":"VCID-9a44-vw6b-4kd7","summary":"Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0193","reference_id":"","reference_type":"","scores":[{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83399","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0193"},{"reference_url":"https://www.securityfocus.com/bid/27123/info","reference_id":"CVE-2008-0192;OSVDB-40224","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/27123/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30979.txt","reference_id":"CVE-2008-0193;OSVDB-43408","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30979.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135252?format=json","purl":"pkg:deb/debian/wordpress@2.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-0193"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9a44-vw6b-4kd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105615?format=json","vulnerability_id":"VCID-9ekf-tztg-v3bp","summary":"Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4483","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6646","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4483"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135257?format=json","purl":"pkg:deb/debian/wordpress@2.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4483"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ekf-tztg-v3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105839?format=json","vulnerability_id":"VCID-9kvv-9dug-53em","summary":"WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17672","reference_id":"","reference_type":"","scores":[{"value":"0.05346","scoring_system":"epss","scoring_elements":"0.90235","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17672"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459","reference_id":"942459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135362?format=json","purl":"pkg:deb/debian/wordpress@5.2.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17672"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvv-9dug-53em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105813?format=json","vulnerability_id":"VCID-9wm5-txht-ukbf","summary":"Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10102","reference_id":"","reference_type":"","scores":[{"value":"0.05168","scoring_system":"epss","scoring_elements":"0.90069","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034","reference_id":"895034","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135345?format=json","purl":"pkg:deb/debian/wordpress@4.9.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10102"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wm5-txht-ukbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105626?format=json","vulnerability_id":"VCID-a1tf-b9sa-17ch","summary":"Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.  NOTE: this might be the same as CVE-2006-5705.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0194","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69461","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0194"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135252?format=json","purl":"pkg:deb/debian/wordpress@2.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-0194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1tf-b9sa-17ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105688?format=json","vulnerability_id":"VCID-a81p-fpcx-buhj","summary":"wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2403","reference_id":"","reference_type":"","scores":[{"value":"0.03128","scoring_system":"epss","scoring_elements":"0.87098","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2403"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124","reference_id":"670124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135287?format=json","purl":"pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2403"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a81p-fpcx-buhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105721?format=json","vulnerability_id":"VCID-aaed-8fjf-9kc4","summary":"wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5203","reference_id":"","reference_type":"","scores":[{"value":"0.06913","scoring_system":"epss","scoring_elements":"0.91556","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5203"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312","reference_id":"757312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135298?format=json","purl":"pkg:deb/debian/wordpress@3.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aaed-8fjf-9kc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105883?format=json","vulnerability_id":"VCID-aasj-4d3g-muct","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-32111"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aasj-4d3g-muct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105607?format=json","vulnerability_id":"VCID-abg9-2fty-m3dh","summary":"SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3140","reference_id":"","reference_type":"","scores":[{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85826","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3140"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428073","reference_id":"428073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428073"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/4039.txt","reference_id":"OSVDB-36321;CVE-2007-3140","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/4039.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135259?format=json","purl":"pkg:deb/debian/wordpress@2.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3140"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abg9-2fty-m3dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43430?format=json","vulnerability_id":"VCID-ac86-94ck-ybfu","summary":"Moodle vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"},{"reference_url":"http://moodle.org/security","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://moodle.org/security"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1619.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1619.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1619","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48982","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1619"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1107","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2010/1107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578811","reference_id":"578811","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578811"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1619","reference_id":"CVE-2010-1619","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1619"},{"reference_url":"https://github.com/advisories/GHSA-hhxf-w8hj-43w6","reference_id":"GHSA-hhxf-w8hj-43w6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hhxf-w8hj-43w6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-1619","GHSA-hhxf-w8hj-43w6"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ac86-94ck-ybfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105658?format=json","vulnerability_id":"VCID-acts-aw98-5kc1","summary":"SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4257","reference_id":"","reference_type":"","scores":[{"value":"0.03296","scoring_system":"epss","scoring_elements":"0.87449","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4257"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603","reference_id":"605603","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135281?format=json","purl":"pkg:deb/debian/wordpress@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-4257"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-acts-aw98-5kc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105661?format=json","vulnerability_id":"VCID-adwf-n3dp-dydy","summary":"wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5293","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60123","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5293"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135281?format=json","purl":"pkg:deb/debian/wordpress@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-5293"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-adwf-n3dp-dydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105553?format=json","vulnerability_id":"VCID-ahef-6gd1-7kfw","summary":"Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1688","reference_id":"","reference_type":"","scores":[{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135235?format=json","purl":"pkg:deb/debian/wordpress@1.5.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-1688"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahef-6gd1-7kfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105700?format=json","vulnerability_id":"VCID-apuj-vbgy-6ke8","summary":"wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6635","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72124","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6635"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135292?format=json","purl":"pkg:deb/debian/wordpress@3.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-6635"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apuj-vbgy-6ke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6656?format=json","vulnerability_id":"VCID-atfu-p1bf-nqgk","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5493","reference_id":"","reference_type":"","scores":[{"value":"0.01668","scoring_system":"epss","scoring_elements":"0.82438","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310","reference_id":"851310","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310"},{"reference_url":"https://security.archlinux.org/ASA-201701-22","reference_id":"ASA-201701-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-22"},{"reference_url":"https://security.archlinux.org/AVG-142","reference_id":"AVG-142","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135334?format=json","purl":"pkg:deb/debian/wordpress@4.7.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5493"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atfu-p1bf-nqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105738?format=json","vulnerability_id":"VCID-ayjr-hr33-syfr","summary":"Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3429","reference_id":"","reference_type":"","scores":[{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81643","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3429"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784603","reference_id":"784603","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784603"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135301?format=json","purl":"pkg:deb/debian/wordpress@4.2.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3429"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ayjr-hr33-syfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105823?format=json","vulnerability_id":"VCID-b399-wc8a-wbbz","summary":"In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20152","reference_id":"","reference_type":"","scores":[{"value":"0.11676","scoring_system":"epss","scoring_elements":"0.93807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20152"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403","reference_id":"916403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b399-wc8a-wbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105871?format=json","vulnerability_id":"VCID-b3pk-4whw-7uhu","summary":"Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43500","reference_id":"","reference_type":"","scores":[{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77796","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43500"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022575","reference_id":"1022575","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135374?format=json","purl":"pkg:deb/debian/wordpress@5.7.8%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.8%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135373?format=json","purl":"pkg:deb/debian/wordpress@6.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-43500"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3pk-4whw-7uhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105880?format=json","vulnerability_id":"VCID-b682-wkpy-7ffj","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486","reference_id":"1074486","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135381?format=json","purl":"pkg:deb/debian/wordpress@5.7.14%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.14%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135382?format=json","purl":"pkg:deb/debian/wordpress@6.5.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.5.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-31111"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b682-wkpy-7ffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105599?format=json","vulnerability_id":"VCID-b6r3-9nab-t3h8","summary":"Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1622","reference_id":"","reference_type":"","scores":[{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87419","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1622"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29754.html","reference_id":"CVE-2007-1622;OSVDB-34348","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29754.html"},{"reference_url":"https://www.securityfocus.com/bid/23027/info","reference_id":"CVE-2007-1622;OSVDB-34348","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23027/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135257?format=json","purl":"pkg:deb/debian/wordpress@2.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6r3-9nab-t3h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105629?format=json","vulnerability_id":"VCID-b73k-pawb-f7aw","summary":"The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0664","reference_id":"","reference_type":"","scores":[{"value":"0.07262","scoring_system":"epss","scoring_elements":"0.91776","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=431547","reference_id":"431547","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=431547"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464170","reference_id":"464170","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464170"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135265?format=json","purl":"pkg:deb/debian/wordpress@2.3.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.3.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-0664"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b73k-pawb-f7aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105882?format=json","vulnerability_id":"VCID-b8v7-6yck-2kaa","summary":"WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135385?format=json","purl":"pkg:deb/debian/wordpress@6.4.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.4.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-31211"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8v7-6yck-2kaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105601?format=json","vulnerability_id":"VCID-bc11-fsdn-17hj","summary":"xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to \"publish a previously saved post.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1893","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46139","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1893"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135257?format=json","purl":"pkg:deb/debian/wordpress@2.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1893"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bc11-fsdn-17hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105651?format=json","vulnerability_id":"VCID-bmms-zqpv-qkba","summary":"Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2851.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2851.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2851","reference_id":"","reference_type":"","scores":[{"value":"0.02987","scoring_system":"epss","scoring_elements":"0.868","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2851"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512900","reference_id":"512900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512900"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/9250.sh","reference_id":"CVE-2009-2851;OSVDB-56193","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/9250.sh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2851"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmms-zqpv-qkba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105777?format=json","vulnerability_id":"VCID-bsrc-zrnr-1kan","summary":"Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14721","reference_id":"","reference_type":"","scores":[{"value":"0.02645","scoring_system":"epss","scoring_elements":"0.86014","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14721"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14721"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsrc-zrnr-1kan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105706?format=json","vulnerability_id":"VCID-bt4p-ytpr-yybc","summary":"The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2199","reference_id":"","reference_type":"","scores":[{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.74919","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bt4p-ytpr-yybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7116?format=json","vulnerability_id":"VCID-bvbf-vb8r-afa1","summary":"information disclosure","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39200","reference_id":"","reference_type":"","scores":[{"value":"0.01767","scoring_system":"epss","scoring_elements":"0.8298","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39200"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994060","reference_id":"994060","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994060"},{"reference_url":"https://security.archlinux.org/AVG-2373","reference_id":"AVG-2373","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135369?format=json","purl":"pkg:deb/debian/wordpress@5.7.3%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.3%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135368?format=json","purl":"pkg:deb/debian/wordpress@5.8.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.8.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-39200"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvbf-vb8r-afa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105663?format=json","vulnerability_id":"VCID-c2n3-c5dk-b3ct","summary":"Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5295","reference_id":"","reference_type":"","scores":[{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66316","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5295"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135281?format=json","purl":"pkg:deb/debian/wordpress@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-5295"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2n3-c5dk-b3ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105764?format=json","vulnerability_id":"VCID-c33q-s42e-eyhs","summary":"WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5837","reference_id":"","reference_type":"","scores":[{"value":"0.00827","scoring_system":"epss","scoring_elements":"0.74843","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5837"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5837"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c33q-s42e-eyhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105774?format=json","vulnerability_id":"VCID-c9fz-yptv-9khn","summary":"Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14718","reference_id":"","reference_type":"","scores":[{"value":"0.02645","scoring_system":"epss","scoring_elements":"0.86014","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14718"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14718"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9fz-yptv-9khn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105770?format=json","vulnerability_id":"VCID-cdd4-8q84-vue9","summary":"Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6897","reference_id":"","reference_type":"","scores":[{"value":"0.30259","scoring_system":"epss","scoring_elements":"0.96774","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6897"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090","reference_id":"837090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135307?format=json","purl":"pkg:deb/debian/wordpress@4.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdd4-8q84-vue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105844?format=json","vulnerability_id":"VCID-cj33-h6kk-s7ht","summary":"In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20042","reference_id":"","reference_type":"","scores":[{"value":"0.0505","scoring_system":"epss","scoring_elements":"0.89939","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20042"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905","reference_id":"946905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135361?format=json","purl":"pkg:deb/debian/wordpress@5.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-20042"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj33-h6kk-s7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105711?format=json","vulnerability_id":"VCID-cm72-619e-yqf2","summary":"moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2204","reference_id":"","reference_type":"","scores":[{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71439","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm72-619e-yqf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105654?format=json","vulnerability_id":"VCID-cre2-sq8p-zkgb","summary":"Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated \"UTF-8\" substrings, related to the mb_convert_encoding function in PHP.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3622.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3622","reference_id":"","reference_type":"","scores":[{"value":"0.08278","scoring_system":"epss","scoring_elements":"0.92387","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3622"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530056","reference_id":"530056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530056"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135277?format=json","purl":"pkg:deb/debian/wordpress@2.8.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cre2-sq8p-zkgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105662?format=json","vulnerability_id":"VCID-cs6c-tkkh-9kdx","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5294","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72699","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5294"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135281?format=json","purl":"pkg:deb/debian/wordpress@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-5294"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs6c-tkkh-9kdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105570?format=json","vulnerability_id":"VCID-ctdu-ed92-2ubf","summary":"Multiple \"unannounced\" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1263","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57203","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1263"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135242?format=json","purl":"pkg:deb/debian/wordpress@2.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-1263"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctdu-ed92-2ubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105746?format=json","vulnerability_id":"VCID-cz2c-kdyu-bff9","summary":"The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5730","reference_id":"","reference_type":"","scores":[{"value":"0.09542","scoring_system":"epss","scoring_elements":"0.93002","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5730"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560","reference_id":"794560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135300?format=json","purl":"pkg:deb/debian/wordpress@4.2.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5730"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cz2c-kdyu-bff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6771?format=json","vulnerability_id":"VCID-d143-b9ws-xbfb","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7169","reference_id":"","reference_type":"","scores":[{"value":"0.03015","scoring_system":"epss","scoring_elements":"0.86855","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169"},{"reference_url":"https://security.archlinux.org/ASA-201609-32","reference_id":"ASA-201609-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-32"},{"reference_url":"https://security.archlinux.org/AVG-39","reference_id":"AVG-39","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135307?format=json","purl":"pkg:deb/debian/wordpress@4.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-7169"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d143-b9ws-xbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105636?format=json","vulnerability_id":"VCID-d7pz-hdu3-f7g8","summary":"The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3747.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3747","reference_id":"","reference_type":"","scores":[{"value":"0.01436","scoring_system":"epss","scoring_elements":"0.81043","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=460416","reference_id":"460416","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=460416"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497216","reference_id":"497216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135268?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-3747"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7pz-hdu3-f7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105574?format=json","vulnerability_id":"VCID-d9p2-xrgv-t7cv","summary":"vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2702","reference_id":"","reference_type":"","scores":[{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.81059","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369014","reference_id":"369014","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369014"},{"reference_url":"https://security.gentoo.org/glsa/200606-08","reference_id":"GLSA-200606-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135246?format=json","purl":"pkg:deb/debian/wordpress@2.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-2702"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9p2-xrgv-t7cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105748?format=json","vulnerability_id":"VCID-dapt-94r6-hqek","summary":"Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5732","reference_id":"","reference_type":"","scores":[{"value":"0.01687","scoring_system":"epss","scoring_elements":"0.82556","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560","reference_id":"794560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135300?format=json","purl":"pkg:deb/debian/wordpress@4.2.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5732"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dapt-94r6-hqek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105881?format=json","vulnerability_id":"VCID-dauy-7a55-wkaf","summary":"WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the uploaded file remains temporary available in the Media Library despite it not being allowed. If the `DISALLOW_FILE_EDIT` constant is set to `true` on the site _and_ FTP credentials are required when uploading a new theme or plugin, then this technically allows an RCE when the user would otherwise have no means of executing arbitrary PHP code. This issue _only_ affects Administrator level users on single site installations, and Super Admin level users on Multisite installations where it's otherwise expected that the user does not have permission to upload or execute arbitrary PHP code. Lower level users are not affected. Sites where the `DISALLOW_FILE_MODS` constant is set to `true` are not affected. Sites where an administrative user either does not need to enter FTP credentials or they have access to the valid FTP credentials, are not affected. The issue was fixed in WordPress 6.4.3 on January 30, 2024 and backported to versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40. A workaround is available. If the `DISALLOW_FILE_MODS` constant is defined as `true` then it will not be possible for any user to upload a plugin and therefore this issue will not be exploitable.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135376?format=json","purl":"pkg:deb/debian/wordpress@6.1.6%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.6%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135383?format=json","purl":"pkg:deb/debian/wordpress@6.4.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.4.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-31210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dauy-7a55-wkaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105873?format=json","vulnerability_id":"VCID-dbwd-rp71-fkfn","summary":"WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4973","reference_id":"","reference_type":"","scores":[{"value":"0.01268","scoring_system":"epss","scoring_elements":"0.7981","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4973"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018863","reference_id":"1018863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135374?format=json","purl":"pkg:deb/debian/wordpress@5.7.8%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.8%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135375?format=json","purl":"pkg:deb/debian/wordpress@6.0.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.0.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-4973"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbwd-rp71-fkfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105563?format=json","vulnerability_id":"VCID-dcjq-1mfq-akc8","summary":"WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes.  NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4463","reference_id":"","reference_type":"","scores":[{"value":"0.01582","scoring_system":"epss","scoring_elements":"0.8192","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4463"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135239?format=json","purl":"pkg:deb/debian/wordpress@1.5.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-4463"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcjq-1mfq-akc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76747?format=json","vulnerability_id":"VCID-dcsy-krau-4ueh","summary":"The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4796.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4796","reference_id":"","reference_type":"","scores":[{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.78273","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4796"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=469320","reference_id":"469320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=469320"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504168","reference_id":"504168","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504234","reference_id":"504234","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504234"},{"reference_url":"https://security.gentoo.org/glsa/201702-26","reference_id":"GLSA-201702-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135270?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-4796"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcsy-krau-4ueh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105808?format=json","vulnerability_id":"VCID-dctu-2n1a-pkfy","summary":"In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9064","reference_id":"","reference_type":"","scores":[{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79719","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9064"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816","reference_id":"862816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135343?format=json","purl":"pkg:deb/debian/wordpress@4.7.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9064"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dctu-2n1a-pkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105606?format=json","vulnerability_id":"VCID-djjc-fyfh-sqgf","summary":"SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2821","reference_id":"","reference_type":"","scores":[{"value":"0.05685","scoring_system":"epss","scoring_elements":"0.9056","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2821"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3960.php","reference_id":"OSVDB-36311;CVE-2007-2821","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3960.php"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135258?format=json","purl":"pkg:deb/debian/wordpress@2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-2821"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djjc-fyfh-sqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3919?format=json","vulnerability_id":"VCID-dpk1-runp-pbfm","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28038","reference_id":"","reference_type":"","scores":[{"value":"0.176","scoring_system":"epss","scoring_elements":"0.95218","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28038"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpk1-runp-pbfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105861?format=json","vulnerability_id":"VCID-dsrt-8rc7-w7hb","summary":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. ### Patches This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. ### References https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 ### For more information If you have any questions or comments about this advisory: * Open an issue in [HackerOne](https://hackerone.com/wordpress)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39201","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66126","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39201"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994059","reference_id":"994059","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994059"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135369?format=json","purl":"pkg:deb/debian/wordpress@5.7.3%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.3%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135368?format=json","purl":"pkg:deb/debian/wordpress@5.8.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.8.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-39201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsrt-8rc7-w7hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105849?format=json","vulnerability_id":"VCID-dxht-xtce-myae","summary":"In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11027","reference_id":"","reference_type":"","scores":[{"value":"0.42551","scoring_system":"epss","scoring_elements":"0.97533","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11027"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391","reference_id":"959391","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51531.py","reference_id":"CVE-2020-11027","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51531.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135364?format=json","purl":"pkg:deb/debian/wordpress@5.4.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-11027"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxht-xtce-myae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105802?format=json","vulnerability_id":"VCID-dyhm-9v3u-87cs","summary":"In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6819","reference_id":"","reference_type":"","scores":[{"value":"0.13419","scoring_system":"epss","scoring_elements":"0.94326","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6819"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026","reference_id":"857026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026"},{"reference_url":"https://security.archlinux.org/ASA-201703-14","reference_id":"ASA-201703-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-14"},{"reference_url":"https://security.archlinux.org/AVG-202","reference_id":"AVG-202","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135338?format=json","purl":"pkg:deb/debian/wordpress@4.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6819"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhm-9v3u-87cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105696?format=json","vulnerability_id":"VCID-dyvh-cj55-rqdg","summary":"Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4448","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3565","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4448"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689031","reference_id":"689031","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689031"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135291?format=json","purl":"pkg:deb/debian/wordpress@3.5.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyvh-cj55-rqdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105800?format=json","vulnerability_id":"VCID-dztn-g6tp-p7hs","summary":"In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6817","reference_id":"","reference_type":"","scores":[{"value":"0.06131","scoring_system":"epss","scoring_elements":"0.90956","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026","reference_id":"857026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026"},{"reference_url":"https://security.archlinux.org/ASA-201703-14","reference_id":"ASA-201703-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-14"},{"reference_url":"https://security.archlinux.org/AVG-202","reference_id":"AVG-202","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135338?format=json","purl":"pkg:deb/debian/wordpress@4.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6817"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dztn-g6tp-p7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105833?format=json","vulnerability_id":"VCID-e6gz-2eyy-z3c4","summary":"WordPress before 5.2.3 allows XSS in post previews by authenticated users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16223","reference_id":"","reference_type":"","scores":[{"value":"0.04337","scoring_system":"epss","scoring_elements":"0.89106","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16223"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543","reference_id":"939543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49338.txt","reference_id":"CVE-2019-16223","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49338.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135360?format=json","purl":"pkg:deb/debian/wordpress@5.2.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16223"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6gz-2eyy-z3c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105576?format=json","vulnerability_id":"VCID-ease-mtfb-vbb7","summary":"WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3390","reference_id":"","reference_type":"","scores":[{"value":"0.01387","scoring_system":"epss","scoring_elements":"0.80669","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3390"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135248?format=json","purl":"pkg:deb/debian/wordpress@2.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ease-mtfb-vbb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105864?format=json","vulnerability_id":"VCID-eg3u-uaqx-m7f2","summary":"WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44223","reference_id":"","reference_type":"","scores":[{"value":"0.27489","scoring_system":"epss","scoring_elements":"0.96516","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44223"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135368?format=json","purl":"pkg:deb/debian/wordpress@5.8.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.8.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-44223"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eg3u-uaqx-m7f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105674?format=json","vulnerability_id":"VCID-eh76-rg49-dqdh","summary":"The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running \"on hosts with dangerous security settings,\" has unknown impact and attack vectors, possibly related to dangerous filenames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3129","reference_id":"","reference_type":"","scores":[{"value":"0.00612","scoring_system":"epss","scoring_elements":"0.70214","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3129"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eh76-rg49-dqdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105580?format=json","vulnerability_id":"VCID-ehut-9een-zyft","summary":"Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5705","reference_id":"","reference_type":"","scores":[{"value":"0.04873","scoring_system":"epss","scoring_elements":"0.89741","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5705"},{"reference_url":"https://security.gentoo.org/glsa/200611-10","reference_id":"GLSA-200611-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200611-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135250?format=json","purl":"pkg:deb/debian/wordpress@2.0.5-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.5-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-5705"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehut-9een-zyft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105853?format=json","vulnerability_id":"VCID-ejq2-w9hr-5fdy","summary":"In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25286","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69279","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685","reference_id":"962685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135365?format=json","purl":"pkg:deb/debian/wordpress@5.4.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-25286"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejq2-w9hr-5fdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105798?format=json","vulnerability_id":"VCID-epzv-yjc3-rfb5","summary":"In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6815","reference_id":"","reference_type":"","scores":[{"value":"0.06385","scoring_system":"epss","scoring_elements":"0.91178","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6815"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026","reference_id":"857026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026"},{"reference_url":"https://security.archlinux.org/ASA-201703-14","reference_id":"ASA-201703-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-14"},{"reference_url":"https://security.archlinux.org/AVG-202","reference_id":"AVG-202","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135338?format=json","purl":"pkg:deb/debian/wordpress@4.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6815"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epzv-yjc3-rfb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3925?format=json","vulnerability_id":"VCID-eu98-xttk-pbbj","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28032","reference_id":"","reference_type":"","scores":[{"value":"0.27967","scoring_system":"epss","scoring_elements":"0.9656","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28032"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eu98-xttk-pbbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105588?format=json","vulnerability_id":"VCID-eye5-s6mk-f7et","summary":"wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.  NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0233","reference_id":"","reference_type":"","scores":[{"value":"0.11179","scoring_system":"epss","scoring_elements":"0.93633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0233"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3109.php","reference_id":"OSVDB-36860;CVE-2007-0233","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3109.php"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135252?format=json","purl":"pkg:deb/debian/wordpress@2.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0233"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eye5-s6mk-f7et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105659?format=json","vulnerability_id":"VCID-eyrr-f6xe-83bt","summary":"Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4536","reference_id":"","reference_type":"","scores":[{"value":"0.03881","scoring_system":"epss","scoring_elements":"0.88454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4536"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135280?format=json","purl":"pkg:deb/debian/wordpress@3.0.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-4536"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyrr-f6xe-83bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105840?format=json","vulnerability_id":"VCID-f4xs-ryt4-yqd8","summary":"WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17673","reference_id":"","reference_type":"","scores":[{"value":"0.03574","scoring_system":"epss","scoring_elements":"0.87941","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17673"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459","reference_id":"942459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135362?format=json","purl":"pkg:deb/debian/wordpress@5.2.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17673"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4xs-ryt4-yqd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105719?format=json","vulnerability_id":"VCID-f7py-hd2z-4bg4","summary":"WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0165","reference_id":"","reference_type":"","scores":[{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75576","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018","reference_id":"744018","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135297?format=json","purl":"pkg:deb/debian/wordpress@3.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0165"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7py-hd2z-4bg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105789?format=json","vulnerability_id":"VCID-fe9q-kykp-m7h1","summary":"wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17094","reference_id":"","reference_type":"","scores":[{"value":"0.07945","scoring_system":"epss","scoring_elements":"0.92201","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314","reference_id":"883314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135314?format=json","purl":"pkg:deb/debian/wordpress@4.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-17094"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fe9q-kykp-m7h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105784?format=json","vulnerability_id":"VCID-fean-kh3y-hub5","summary":"WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14990","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59934","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877629","reference_id":"877629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877629"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135328?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14990"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fean-kh3y-hub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105612?format=json","vulnerability_id":"VCID-fen6-f47q-z7d9","summary":"Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php.  NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4153","reference_id":"","reference_type":"","scores":[{"value":"0.00497","scoring_system":"epss","scoring_elements":"0.66172","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4153"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135256?format=json","purl":"pkg:deb/debian/wordpress@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4153"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fen6-f47q-z7d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3923?format=json","vulnerability_id":"VCID-fh3e-9a4w-4uc7","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28034","reference_id":"","reference_type":"","scores":[{"value":"0.02678","scoring_system":"epss","scoring_elements":"0.86113","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28034"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fh3e-9a4w-4uc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105640?format=json","vulnerability_id":"VCID-fhj3-7wac-rua4","summary":"WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access).  NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5113.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5113","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49103","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5113"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=471989","reference_id":"471989","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=471989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771","reference_id":"504771","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135271?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-5113"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhj3-7wac-rua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105566?format=json","vulnerability_id":"VCID-fnn9-3y3f-ufgn","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the \"post comment\" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0985","reference_id":"","reference_type":"","scores":[{"value":"0.00891","scoring_system":"epss","scoring_elements":"0.7593","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0985"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355055","reference_id":"355055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355055"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135242?format=json","purl":"pkg:deb/debian/wordpress@2.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-0985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnn9-3y3f-ufgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105767?format=json","vulnerability_id":"VCID-fpdz-s2wj-wkaq","summary":"Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6634","reference_id":"","reference_type":"","scores":[{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.7409","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135310?format=json","purl":"pkg:deb/debian/wordpress@4.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6634"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpdz-s2wj-wkaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105856?format=json","vulnerability_id":"VCID-g62c-gvgx-4qbh","summary":"In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4048","reference_id":"","reference_type":"","scores":[{"value":"0.03502","scoring_system":"epss","scoring_elements":"0.87824","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-4048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685","reference_id":"962685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135365?format=json","purl":"pkg:deb/debian/wordpress@5.4.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-4048"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g62c-gvgx-4qbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105693?format=json","vulnerability_id":"VCID-g8rg-w2by-h3bt","summary":"Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the \"ExternalInterface.call\" function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3414","reference_id":"","reference_type":"","scores":[{"value":"0.06259","scoring_system":"epss","scoring_elements":"0.9107","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3414"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698934","reference_id":"698934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698934"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37470.txt","reference_id":"CVE-2012-3414;OSVDB-83413","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37470.txt"},{"reference_url":"https://www.securityfocus.com/bid/54245/info","reference_id":"CVE-2012-3414;OSVDB-83413","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/54245/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135289?format=json","purl":"pkg:deb/debian/wordpress@3.5.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3414"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8rg-w2by-h3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105652?format=json","vulnerability_id":"VCID-ga6s-6khh-5ka3","summary":"Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2853","reference_id":"","reference_type":"","scores":[{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.79221","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2853"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2853"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ga6s-6khh-5ka3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105637?format=json","vulnerability_id":"VCID-gdxh-fyd4-duc3","summary":"WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a \"SQL column truncation vulnerability.\" NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4106.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4106.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4106","reference_id":"","reference_type":"","scores":[{"value":"0.14591","scoring_system":"epss","scoring_elements":"0.94595","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4106"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=462770","reference_id":"462770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=462770"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500115","reference_id":"500115","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500115"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135269?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-4106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdxh-fyd4-duc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105763?format=json","vulnerability_id":"VCID-gfsz-2cdj-27eg","summary":"The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5836","reference_id":"","reference_type":"","scores":[{"value":"0.07246","scoring_system":"epss","scoring_elements":"0.91767","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5836"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfsz-2cdj-27eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105845?format=json","vulnerability_id":"VCID-ghbj-tsw7-t7hh","summary":"In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20043","reference_id":"","reference_type":"","scores":[{"value":"0.0117","scoring_system":"epss","scoring_elements":"0.79002","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20043"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905","reference_id":"946905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135361?format=json","purl":"pkg:deb/debian/wordpress@5.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-20043"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghbj-tsw7-t7hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105548?format=json","vulnerability_id":"VCID-gj8w-ddjc-7qgb","summary":"SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1598","reference_id":"","reference_type":"","scores":[{"value":"0.01082","scoring_system":"epss","scoring_elements":"0.78201","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135229?format=json","purl":"pkg:deb/debian/wordpress@1.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.0.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2003-1598"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj8w-ddjc-7qgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105814?format=json","vulnerability_id":"VCID-gnzp-c32h-s3fk","summary":"WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12895","reference_id":"","reference_type":"","scores":[{"value":"0.89594","scoring_system":"epss","scoring_elements":"0.99576","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12895"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902876","reference_id":"902876","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135347?format=json","purl":"pkg:deb/debian/wordpress@4.9.7%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.7%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnzp-c32h-s3fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105603?format=json","vulnerability_id":"VCID-gt9h-vfhr-rkac","summary":"SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1897","reference_id":"","reference_type":"","scores":[{"value":"0.05002","scoring_system":"epss","scoring_elements":"0.89885","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1897"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3656.pl","reference_id":"OSVDB-34351;CVE-2007-1897","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3656.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135257?format=json","purl":"pkg:deb/debian/wordpress@2.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gt9h-vfhr-rkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105689?format=json","vulnerability_id":"VCID-gxd5-vxga-a3cg","summary":"wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2404","reference_id":"","reference_type":"","scores":[{"value":"0.02327","scoring_system":"epss","scoring_elements":"0.85115","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2404"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124","reference_id":"670124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135287?format=json","purl":"pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2404"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxd5-vxga-a3cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105699?format=json","vulnerability_id":"VCID-h3zs-njgt-47d2","summary":"wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6634","reference_id":"","reference_type":"","scores":[{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74525","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135292?format=json","purl":"pkg:deb/debian/wordpress@3.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-6634"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3zs-njgt-47d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105577?format=json","vulnerability_id":"VCID-hcuz-zkyn-sbgm","summary":"Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors.  NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4028","reference_id":"","reference_type":"","scores":[{"value":"0.05593","scoring_system":"epss","scoring_elements":"0.90469","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4028"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135248?format=json","purl":"pkg:deb/debian/wordpress@2.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-4028"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcuz-zkyn-sbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105842?format=json","vulnerability_id":"VCID-hfkf-dbke-6fdm","summary":"WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17675","reference_id":"","reference_type":"","scores":[{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76376","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17675"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459","reference_id":"942459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135362?format=json","purl":"pkg:deb/debian/wordpress@5.2.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17675"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfkf-dbke-6fdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105807?format=json","vulnerability_id":"VCID-hq3r-rgb5-pbch","summary":"In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9063","reference_id":"","reference_type":"","scores":[{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.81118","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9063"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816","reference_id":"862816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135343?format=json","purl":"pkg:deb/debian/wordpress@4.7.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hq3r-rgb5-pbch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105655?format=json","vulnerability_id":"VCID-hrt4-v7uj-bqbq","summary":"Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3890","reference_id":"","reference_type":"","scores":[{"value":"0.10487","scoring_system":"epss","scoring_elements":"0.93378","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3890"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/10089.txt","reference_id":"CVE-2009-3890;OSVDB-59958","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/10089.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135278?format=json","purl":"pkg:deb/debian/wordpress@2.8.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3890"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrt4-v7uj-bqbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105605?format=json","vulnerability_id":"VCID-hspp-fdtz-vkhp","summary":"Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2714","reference_id":"","reference_type":"","scores":[{"value":"0.14939","scoring_system":"epss","scoring_elements":"0.94678","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2714"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30036.html","reference_id":"CVE-2007-2714;OSVDB-37290","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30036.html"},{"reference_url":"https://www.securityfocus.com/bid/23965/info","reference_id":"CVE-2007-2714;OSVDB-37290","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23965/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135258?format=json","purl":"pkg:deb/debian/wordpress@2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-2714"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hspp-fdtz-vkhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105634?format=json","vulnerability_id":"VCID-hxjn-3ekk-ayau","summary":"Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2392.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2392","reference_id":"","reference_type":"","scores":[{"value":"0.01929","scoring_system":"epss","scoring_elements":"0.83713","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2392"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=447888","reference_id":"447888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=447888"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485807","reference_id":"485807","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135267?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-2392"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxjn-3ekk-ayau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105669?format=json","vulnerability_id":"VCID-j5px-hzbq-kyge","summary":"Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to \"Media security.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3122","reference_id":"","reference_type":"","scores":[{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79545","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3122"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3122"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5px-hzbq-kyge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105571?format=json","vulnerability_id":"VCID-jfwb-5zhn-rfdx","summary":"Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1796","reference_id":"","reference_type":"","scores":[{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.64149","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1796"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909","reference_id":"328909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135245?format=json","purl":"pkg:deb/debian/wordpress@2.0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-1796"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfwb-5zhn-rfdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46933?format=json","vulnerability_id":"VCID-jgpk-6myg-mkds","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nPHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3215","reference_id":"","reference_type":"","scores":[{"value":"0.04403","scoring_system":"epss","scoring_elements":"0.8919","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3215"},{"reference_url":"https://cxsecurity.com/issue/WLB-2007060063","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cxsecurity.com/issue/WLB-2007060063"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34818","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"},{"reference_url":"https://github.com/PHPMailer/PHPMailer","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PHPMailer/PHPMailer"},{"reference_url":"https://seclists.org/fulldisclosure/2011/Oct/223","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/fulldisclosure/2011/Oct/223"},{"reference_url":"https://sourceforge.net/p/phpmailer/bugs/192","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sourceforge.net/p/phpmailer/bugs/192"},{"reference_url":"https://sourceforge.net/p/phpmailer/bugs/192/","reference_id":"","reference_type":"","scores":[],"url":"https://sourceforge.net/p/phpmailer/bugs/192/"},{"reference_url":"https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution"},{"reference_url":"https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"},{"reference_url":"https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429179","reference_id":"429179","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429179"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429194","reference_id":"429194","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429194"},{"reference_url":"https://github.com/advisories/GHSA-6h78-85v2-mmch","reference_id":"GHSA-6h78-85v2-mmch","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6h78-85v2-mmch"},{"reference_url":"https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch","reference_id":"GHSA-6h78-85v2-mmch","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135259?format=json","purl":"pkg:deb/debian/wordpress@2.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3215","GHSA-6h78-85v2-mmch"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgpk-6myg-mkds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105730?format=json","vulnerability_id":"VCID-jjrh-ks8y-7yey","summary":"Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9033","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74475","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9033"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjrh-ks8y-7yey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105597?format=json","vulnerability_id":"VCID-jru2-pbp5-1kha","summary":"WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1409","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70008","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1409"},{"reference_url":"https://security.gentoo.org/glsa/200703-23","reference_id":"GLSA-200703-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1409"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jru2-pbp5-1kha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105782?format=json","vulnerability_id":"VCID-juwu-drm6-6kh3","summary":"Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14725","reference_id":"","reference_type":"","scores":[{"value":"0.04176","scoring_system":"epss","scoring_elements":"0.88888","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14725"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14725"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-juwu-drm6-6kh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105665?format=json","vulnerability_id":"VCID-jwm9-9ehm-d3fx","summary":"WordPress before 3.0.1, when a Multisite installation is used, permanently retains the \"site administrators can add users\" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5297","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45982","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5297"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135283?format=json","purl":"pkg:deb/debian/wordpress@3.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-5297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwm9-9ehm-d3fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105885?format=json","vulnerability_id":"VCID-k1mb-d89c-hfah","summary":"WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486","reference_id":"1074486","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135381?format=json","purl":"pkg:deb/debian/wordpress@5.7.14%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.14%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135382?format=json","purl":"pkg:deb/debian/wordpress@6.5.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.5.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-6307"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1mb-d89c-hfah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105621?format=json","vulnerability_id":"VCID-k2uj-d9d2-m7e8","summary":"Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6013.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6013","reference_id":"","reference_type":"","scores":[{"value":"0.01677","scoring_system":"epss","scoring_elements":"0.82502","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=392411","reference_id":"392411","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=392411"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452251","reference_id":"452251","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135262?format=json","purl":"pkg:deb/debian/wordpress@2.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-6013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2uj-d9d2-m7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105567?format=json","vulnerability_id":"VCID-k3zv-bbwz-kkep","summary":"WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory.  NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463.  The menu-header.php vector is already covered by CVE-2005-2110.  Other vectors might be covered by CVE-2005-1688.  NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0986","reference_id":"","reference_type":"","scores":[{"value":"0.02177","scoring_system":"epss","scoring_elements":"0.84653","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0986"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355055","reference_id":"355055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355055"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135242?format=json","purl":"pkg:deb/debian/wordpress@2.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-0986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3zv-bbwz-kkep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105617?format=json","vulnerability_id":"VCID-k7fx-26ky-4uch","summary":"Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to \"early database escaping\" and missing validation of \"query string like parameters.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4894","reference_id":"","reference_type":"","scores":[{"value":"0.04032","scoring_system":"epss","scoring_elements":"0.88696","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4894"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135260?format=json","purl":"pkg:deb/debian/wordpress@2.2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7fx-26ky-4uch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105646?format=json","vulnerability_id":"VCID-k8pg-n4ck-cuaz","summary":"WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.  NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2335.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2335.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2335","reference_id":"","reference_type":"","scores":[{"value":"0.85338","scoring_system":"epss","scoring_elements":"0.99378","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2335"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745","reference_id":"510745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724","reference_id":"536724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17702.rb","reference_id":"CVE-2009-2335;OSVDB-55713","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17702.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2335"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8pg-n4ck-cuaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105618?format=json","vulnerability_id":"VCID-kagv-fxmw-bfdp","summary":"Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5105","reference_id":"","reference_type":"","scores":[{"value":"0.01749","scoring_system":"epss","scoring_elements":"0.829","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5105"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30602.html","reference_id":"CVE-2007-5105;OSVDB-38577","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30602.html"},{"reference_url":"https://www.securityfocus.com/bid/25769/info","reference_id":"CVE-2007-5105;OSVDB-38577","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/25769/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135248?format=json","purl":"pkg:deb/debian/wordpress@2.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-5105"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kagv-fxmw-bfdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105769?format=json","vulnerability_id":"VCID-kcsk-68w5-pyew","summary":"Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6896","reference_id":"","reference_type":"","scores":[{"value":"0.35182","scoring_system":"epss","scoring_elements":"0.97128","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090","reference_id":"837090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40288.txt","reference_id":"CVE-2016-6897;CVE-2016-6896","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40288.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135307?format=json","purl":"pkg:deb/debian/wordpress@4.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6896"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsk-68w5-pyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105575?format=json","vulnerability_id":"VCID-kg28-64q2-pfdt","summary":"index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message.  NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3389","reference_id":"","reference_type":"","scores":[{"value":"0.01649","scoring_system":"epss","scoring_elements":"0.82344","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3389"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135248?format=json","purl":"pkg:deb/debian/wordpress@2.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3389"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kg28-64q2-pfdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105604?format=json","vulnerability_id":"VCID-khz5-y4rw-g7bf","summary":"Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2627","reference_id":"","reference_type":"","scores":[{"value":"0.01073","scoring_system":"epss","scoring_elements":"0.78105","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2627"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135256?format=json","purl":"pkg:deb/debian/wordpress@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-2627"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khz5-y4rw-g7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105867?format=json","vulnerability_id":"VCID-kv4q-f3qr-9qct","summary":"WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21663","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54468","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21663"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243","reference_id":"1003243","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135372?format=json","purl":"pkg:deb/debian/wordpress@5.7.5%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.5%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135371?format=json","purl":"pkg:deb/debian/wordpress@5.8.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.8.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-21663"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kv4q-f3qr-9qct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105776?format=json","vulnerability_id":"VCID-kxnw-4kb5-kyde","summary":"Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14720","reference_id":"","reference_type":"","scores":[{"value":"0.02645","scoring_system":"epss","scoring_elements":"0.86014","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14720"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14720"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxnw-4kb5-kyde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105831?format=json","vulnerability_id":"VCID-kyw4-6fg2-wyab","summary":"WordPress before 5.2.3 allows reflected XSS in the dashboard.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16221","reference_id":"","reference_type":"","scores":[{"value":"0.02449","scoring_system":"epss","scoring_elements":"0.85477","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543","reference_id":"939543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135360?format=json","purl":"pkg:deb/debian/wordpress@5.2.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16221"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyw4-6fg2-wyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105799?format=json","vulnerability_id":"VCID-m1sd-29v3-yuhx","summary":"In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6816","reference_id":"","reference_type":"","scores":[{"value":"0.02621","scoring_system":"epss","scoring_elements":"0.85946","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6816"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026","reference_id":"857026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026"},{"reference_url":"https://security.archlinux.org/ASA-201703-14","reference_id":"ASA-201703-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-14"},{"reference_url":"https://security.archlinux.org/AVG-202","reference_id":"AVG-202","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135338?format=json","purl":"pkg:deb/debian/wordpress@4.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6816"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1sd-29v3-yuhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105709?format=json","vulnerability_id":"VCID-m2ra-q2uw-rucx","summary":"WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2202","reference_id":"","reference_type":"","scores":[{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80477","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ra-q2uw-rucx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105589?format=json","vulnerability_id":"VCID-m341-z3pk-v3bf","summary":"WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0262","reference_id":"","reference_type":"","scores":[{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.7689","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0262"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407289","reference_id":"407289","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407289"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135253?format=json","purl":"pkg:deb/debian/wordpress@2.0.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0262"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m341-z3pk-v3bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105888?format=json","vulnerability_id":"VCID-m7wf-su66-w3ck","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector.This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047","reference_id":"1117047","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135381?format=json","purl":"pkg:deb/debian/wordpress@5.7.14%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.14%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135388?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-58674"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7wf-su66-w3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105645?format=json","vulnerability_id":"VCID-mb1g-guxx-1qd4","summary":"wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2334.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2334.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2334","reference_id":"","reference_type":"","scores":[{"value":"0.12303","scoring_system":"epss","scoring_elements":"0.93998","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2334"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745","reference_id":"510745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724","reference_id":"536724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724"},{"reference_url":"http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked","reference_id":"CVE-2009-2334;OSVDB-55712","reference_type":"exploit","scores":[],"url":"http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/9110.txt","reference_id":"CVE-2009-2334;OSVDB-55712","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/9110.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2334"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mb1g-guxx-1qd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105758?format=json","vulnerability_id":"VCID-mg9f-c4t1-kkfj","summary":"Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4566","reference_id":"","reference_type":"","scores":[{"value":"0.04653","scoring_system":"epss","scoring_elements":"0.89488","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4566"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823640","reference_id":"823640","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823640"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135311?format=json","purl":"pkg:deb/debian/wordpress@4.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4566"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mg9f-c4t1-kkfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43533?format=json","vulnerability_id":"VCID-mh2f-ytz5-9fhg","summary":"PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests\nclasses/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283"},{"reference_url":"http://openwall.com/lists/oss-security/2013/01/21/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/01/21/1"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6112","reference_id":"","reference_type":"","scores":[{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69833","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6112"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0"},{"reference_url":"https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3"},{"reference_url":"https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a"},{"reference_url":"https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb"},{"reference_url":"https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=220157","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=220157"},{"reference_url":"https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell"},{"reference_url":"https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701667","reference_id":"701667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6112","reference_id":"CVE-2012-6112","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6112"},{"reference_url":"https://github.com/advisories/GHSA-fx5h-3786-h2w6","reference_id":"GHSA-fx5h-3786-h2w6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fx5h-3786-h2w6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135291?format=json","purl":"pkg:deb/debian/wordpress@3.5.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-6112","GHSA-fx5h-3786-h2w6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2f-ytz5-9fhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105740?format=json","vulnerability_id":"VCID-mks2-64jg-97bv","summary":"Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3439","reference_id":"","reference_type":"","scores":[{"value":"0.03125","scoring_system":"epss","scoring_elements":"0.87092","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3440"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347","reference_id":"783347","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135302?format=json","purl":"pkg:deb/debian/wordpress@4.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mks2-64jg-97bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105728?format=json","vulnerability_id":"VCID-mp7w-74vc-dqa3","summary":"Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9031","reference_id":"","reference_type":"","scores":[{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69858","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mp7w-74vc-dqa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6660?format=json","vulnerability_id":"VCID-mr7z-mfz3-9bhm","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5489","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66835","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310","reference_id":"851310","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310"},{"reference_url":"https://security.archlinux.org/ASA-201701-22","reference_id":"ASA-201701-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-22"},{"reference_url":"https://security.archlinux.org/AVG-142","reference_id":"AVG-142","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135334?format=json","purl":"pkg:deb/debian/wordpress@4.7.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5489"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mr7z-mfz3-9bhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105821?format=json","vulnerability_id":"VCID-mszv-nwtz-yfc1","summary":"In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20150","reference_id":"","reference_type":"","scores":[{"value":"0.07368","scoring_system":"epss","scoring_elements":"0.91856","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20150"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403","reference_id":"916403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20150"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mszv-nwtz-yfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3922?format=json","vulnerability_id":"VCID-mxrj-1czt-zqd8","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28035","reference_id":"","reference_type":"","scores":[{"value":"0.06561","scoring_system":"epss","scoring_elements":"0.91308","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28035"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxrj-1czt-zqd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105554?format=json","vulnerability_id":"VCID-n38v-jy9b-1bd2","summary":"SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1810","reference_id":"","reference_type":"","scores":[{"value":"0.01638","scoring_system":"epss","scoring_elements":"0.82271","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1810"},{"reference_url":"https://security.gentoo.org/glsa/200506-04","reference_id":"GLSA-200506-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200506-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135236?format=json","purl":"pkg:deb/debian/wordpress@1.5.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.1.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-1810"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n38v-jy9b-1bd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105684?format=json","vulnerability_id":"VCID-ngvt-vtwv-6ue2","summary":"Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2399","reference_id":"","reference_type":"","scores":[{"value":"0.03863","scoring_system":"epss","scoring_elements":"0.88431","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2399"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124","reference_id":"670124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135287?format=json","purl":"pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2399"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngvt-vtwv-6ue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105722?format=json","vulnerability_id":"VCID-nq4c-xfxt-8fau","summary":"wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5204","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46458","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312","reference_id":"757312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135298?format=json","purl":"pkg:deb/debian/wordpress@3.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nq4c-xfxt-8fau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105868?format=json","vulnerability_id":"VCID-nrd2-nsrz-uyef","summary":"WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21664","reference_id":"","reference_type":"","scores":[{"value":"0.03738","scoring_system":"epss","scoring_elements":"0.88212","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21664"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243","reference_id":"1003243","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135372?format=json","purl":"pkg:deb/debian/wordpress@5.7.5%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.5%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135371?format=json","purl":"pkg:deb/debian/wordpress@5.8.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.8.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-21664"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrd2-nsrz-uyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105648?format=json","vulnerability_id":"VCID-nrvy-4cbb-xkec","summary":"WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2431.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2431.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2431","reference_id":"","reference_type":"","scores":[{"value":"0.01187","scoring_system":"epss","scoring_elements":"0.7914","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2431"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745","reference_id":"510745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=510745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537146","reference_id":"537146","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2431"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrvy-4cbb-xkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105620?format=json","vulnerability_id":"VCID-ny56-hfwz-vybb","summary":"Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5710","reference_id":"","reference_type":"","scores":[{"value":"0.03339","scoring_system":"epss","scoring_elements":"0.87524","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5710"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30715.txt","reference_id":"CVE-2007-5710;OSVDB-38279","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30715.txt"},{"reference_url":"https://www.securityfocus.com/bid/26228/info","reference_id":"CVE-2007-5710;OSVDB-38279","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/26228/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135261?format=json","purl":"pkg:deb/debian/wordpress@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-5710"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny56-hfwz-vybb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105723?format=json","vulnerability_id":"VCID-ny5x-3x9s-2kcg","summary":"wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5205","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34039","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312","reference_id":"757312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135298?format=json","purl":"pkg:deb/debian/wordpress@3.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny5x-3x9s-2kcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105712?format=json","vulnerability_id":"VCID-ny71-e7za-8qex","summary":"The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2205","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69569","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny71-e7za-8qex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105745?format=json","vulnerability_id":"VCID-p66z-a8th-zye8","summary":"The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5715","reference_id":"","reference_type":"","scores":[{"value":"0.28517","scoring_system":"epss","scoring_elements":"0.96614","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140","reference_id":"799140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135305?format=json","purl":"pkg:deb/debian/wordpress@4.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.3.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5715"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p66z-a8th-zye8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105752?format=json","vulnerability_id":"VCID-p7r2-g8wj-6fha","summary":"Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8834","reference_id":"","reference_type":"","scores":[{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73463","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8834"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135301?format=json","purl":"pkg:deb/debian/wordpress@4.2.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8834"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7r2-g8wj-6fha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105734?format=json","vulnerability_id":"VCID-pdbx-7mtr-yya1","summary":"WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9037","reference_id":"","reference_type":"","scores":[{"value":"0.02617","scoring_system":"epss","scoring_elements":"0.85935","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9037"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdbx-7mtr-yya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105809?format=json","vulnerability_id":"VCID-pjuk-25hx-yycm","summary":"In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9065","reference_id":"","reference_type":"","scores":[{"value":"0.03545","scoring_system":"epss","scoring_elements":"0.87891","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9065"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816","reference_id":"862816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135343?format=json","purl":"pkg:deb/debian/wordpress@4.7.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9065"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjuk-25hx-yycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105846?format=json","vulnerability_id":"VCID-pkqc-ufuf-sfhu","summary":"WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9787","reference_id":"","reference_type":"","scores":[{"value":"0.81017","scoring_system":"epss","scoring_elements":"0.99175","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924546","reference_id":"924546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924546"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135363?format=json","purl":"pkg:deb/debian/wordpress@5.1.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.1.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-9787"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkqc-ufuf-sfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105787?format=json","vulnerability_id":"VCID-pkxk-hbhs-13ca","summary":"wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17092","reference_id":"","reference_type":"","scores":[{"value":"0.04916","scoring_system":"epss","scoring_elements":"0.89788","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314","reference_id":"883314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135314?format=json","purl":"pkg:deb/debian/wordpress@4.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-17092"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkxk-hbhs-13ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105632?format=json","vulnerability_id":"VCID-pv2p-ns3s-xff8","summary":"Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2068.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2068","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72087","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2068"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=444396","reference_id":"444396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=444396"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135266?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-2068"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pv2p-ns3s-xff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105747?format=json","vulnerability_id":"VCID-pww3-ez3f-n3av","summary":"Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5731","reference_id":"","reference_type":"","scores":[{"value":"0.14757","scoring_system":"epss","scoring_elements":"0.94619","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560","reference_id":"794560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135300?format=json","purl":"pkg:deb/debian/wordpress@4.2.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5731"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pww3-ez3f-n3av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105817?format=json","vulnerability_id":"VCID-pzxy-b1pr-wqgf","summary":"In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20147","reference_id":"","reference_type":"","scores":[{"value":"0.05788","scoring_system":"epss","scoring_elements":"0.90656","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20147"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403","reference_id":"916403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20147"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzxy-b1pr-wqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105562?format=json","vulnerability_id":"VCID-q2tj-usbh-57bu","summary":"The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3330","reference_id":"","reference_type":"","scores":[{"value":"0.23773","scoring_system":"epss","scoring_elements":"0.96107","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3330"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/26424.txt","reference_id":"CVE-2005-3330;OSVDB-20316","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/26424.txt"},{"reference_url":"https://www.securityfocus.com/bid/15213/info","reference_id":"CVE-2005-3330;OSVDB-20316","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/15213/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-3330"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2tj-usbh-57bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105822?format=json","vulnerability_id":"VCID-q5g1-gaat-ruak","summary":"In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20151","reference_id":"","reference_type":"","scores":[{"value":"0.06796","scoring_system":"epss","scoring_elements":"0.9148","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20151"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403","reference_id":"916403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20151"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5g1-gaat-ruak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105792?format=json","vulnerability_id":"VCID-qd3z-zv51-jfha","summary":"SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5611","reference_id":"","reference_type":"","scores":[{"value":"0.12378","scoring_system":"epss","scoring_elements":"0.94022","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767","reference_id":"852767","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135315?format=json","purl":"pkg:deb/debian/wordpress@4.7.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5611"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qd3z-zv51-jfha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105731?format=json","vulnerability_id":"VCID-qfr6-1q5v-mqav","summary":"wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9034","reference_id":"","reference_type":"","scores":[{"value":"0.77914","scoring_system":"epss","scoring_elements":"0.99023","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/35413.php","reference_id":"CVE-2014-9034;OSVDB-114857","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/35413.php"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/35414.txt","reference_id":"CVE-2014-9034;OSVDB-114857","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/35414.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9034"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qfr6-1q5v-mqav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105753?format=json","vulnerability_id":"VCID-qhf5-wsdq-pyad","summary":"The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10148","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63944","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135307?format=json","purl":"pkg:deb/debian/wordpress@4.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10148"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhf5-wsdq-pyad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105716?format=json","vulnerability_id":"VCID-qjxx-4awt-c7cq","summary":"The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5738","reference_id":"","reference_type":"","scores":[{"value":"0.00715","scoring_system":"epss","scoring_elements":"0.7273","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135295?format=json","purl":"pkg:deb/debian/wordpress@3.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-5738"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjxx-4awt-c7cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105595?format=json","vulnerability_id":"VCID-qnzv-m1wn-8fak","summary":"Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php.  NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1244","reference_id":"","reference_type":"","scores":[{"value":"0.07986","scoring_system":"epss","scoring_elements":"0.92232","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1244"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29682.txt","reference_id":"CVE-2007-1244;OSVDB-33788","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29682.txt"},{"reference_url":"https://www.securityfocus.com/bid/22735/info","reference_id":"CVE-2007-1244;OSVDB-33788","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/22735/info"},{"reference_url":"https://security.gentoo.org/glsa/200703-23","reference_id":"GLSA-200703-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135255?format=json","purl":"pkg:deb/debian/wordpress@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnzv-m1wn-8fak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105825?format=json","vulnerability_id":"VCID-qp7n-4s3c-6qhp","summary":"WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5776","reference_id":"","reference_type":"","scores":[{"value":"0.02834","scoring_system":"epss","scoring_elements":"0.86457","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5776"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887596","reference_id":"887596","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887596"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135359?format=json","purl":"pkg:deb/debian/wordpress@4.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qp7n-4s3c-6qhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105786?format=json","vulnerability_id":"VCID-qs91-8ygn-nqch","summary":"wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17091","reference_id":"","reference_type":"","scores":[{"value":"0.0343","scoring_system":"epss","scoring_elements":"0.87685","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17091"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314","reference_id":"883314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135314?format=json","purl":"pkg:deb/debian/wordpress@4.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-17091"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs91-8ygn-nqch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105714?format=json","vulnerability_id":"VCID-qvub-dp47-vbat","summary":"WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4339","reference_id":"","reference_type":"","scores":[{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75751","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537","reference_id":"722537","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135295?format=json","purl":"pkg:deb/debian/wordpress@3.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4339"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvub-dp47-vbat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105847?format=json","vulnerability_id":"VCID-qx65-y71k-2qau","summary":"In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11025","reference_id":"","reference_type":"","scores":[{"value":"0.01427","scoring_system":"epss","scoring_elements":"0.80972","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11025"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391","reference_id":"959391","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135364?format=json","purl":"pkg:deb/debian/wordpress@5.4.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-11025"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qx65-y71k-2qau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105593?format=json","vulnerability_id":"VCID-qzaf-evr4-pfcp","summary":"Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1049","reference_id":"","reference_type":"","scores":[{"value":"0.06232","scoring_system":"epss","scoring_elements":"0.91046","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1049"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29598.txt","reference_id":"CVE-2007-1049;OSVDB-33766","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29598.txt"},{"reference_url":"https://www.securityfocus.com/bid/22534/info","reference_id":"CVE-2007-1049;OSVDB-33766","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/22534/info"},{"reference_url":"https://security.gentoo.org/glsa/200703-23","reference_id":"GLSA-200703-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135254?format=json","purl":"pkg:deb/debian/wordpress@2.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1049"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzaf-evr4-pfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105558?format=json","vulnerability_id":"VCID-qzwe-8x12-r7dt","summary":"wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2109","reference_id":"","reference_type":"","scores":[{"value":"0.01077","scoring_system":"epss","scoring_elements":"0.78153","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2109"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402","reference_id":"316402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135237?format=json","purl":"pkg:deb/debian/wordpress@1.5.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2109"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzwe-8x12-r7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105602?format=json","vulnerability_id":"VCID-r2cd-3tf8-zuhv","summary":"Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1894","reference_id":"","reference_type":"","scores":[{"value":"0.05805","scoring_system":"epss","scoring_elements":"0.90677","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1894"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135257?format=json","purl":"pkg:deb/debian/wordpress@2.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2cd-3tf8-zuhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105613?format=json","vulnerability_id":"VCID-r6w8-x2pd-j7cb","summary":"SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4154","reference_id":"","reference_type":"","scores":[{"value":"0.00715","scoring_system":"epss","scoring_elements":"0.72731","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135256?format=json","purl":"pkg:deb/debian/wordpress@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4154"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6w8-x2pd-j7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105755?format=json","vulnerability_id":"VCID-rcwa-qhwg-qqgf","summary":"Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2221","reference_id":"","reference_type":"","scores":[{"value":"0.03465","scoring_system":"epss","scoring_elements":"0.8775","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813697","reference_id":"813697","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813697"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135309?format=json","purl":"pkg:deb/debian/wordpress@4.4.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.4.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-2221"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcwa-qhwg-qqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105642?format=json","vulnerability_id":"VCID-rep6-128a-qbf8","summary":"wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5695","reference_id":"","reference_type":"","scores":[{"value":"0.16371","scoring_system":"epss","scoring_elements":"0.94983","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5695"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510786","reference_id":"510786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510786"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/5066.php","reference_id":"OSVDB-41134;CVE-2008-5695","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/5066.php"},{"reference_url":"http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html","reference_id":"OSVDB-41134;CVE-2008-5695","reference_type":"exploit","scores":[],"url":"http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135273?format=json","purl":"pkg:deb/debian/wordpress@2.3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-5695"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rep6-128a-qbf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105810?format=json","vulnerability_id":"VCID-rke2-tdkd-pbag","summary":"In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9066","reference_id":"","reference_type":"","scores":[{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80824","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9066"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816","reference_id":"862816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135343?format=json","purl":"pkg:deb/debian/wordpress@4.7.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9066"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rke2-tdkd-pbag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105793?format=json","vulnerability_id":"VCID-rqfx-c8ub-gqfd","summary":"Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5612","reference_id":"","reference_type":"","scores":[{"value":"0.01526","scoring_system":"epss","scoring_elements":"0.81615","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767","reference_id":"852767","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135315?format=json","purl":"pkg:deb/debian/wordpress@4.7.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5612"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqfx-c8ub-gqfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105671?format=json","vulnerability_id":"VCID-rtus-pe6v-g3db","summary":"WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3126","reference_id":"","reference_type":"","scores":[{"value":"0.00969","scoring_system":"epss","scoring_elements":"0.76957","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3126"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3126"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtus-pe6v-g3db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105583?format=json","vulnerability_id":"VCID-rvck-7bb6-cqf1","summary":"WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6017","reference_id":"","reference_type":"","scores":[{"value":"0.02824","scoring_system":"epss","scoring_elements":"0.86435","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135250?format=json","purl":"pkg:deb/debian/wordpress@2.0.5-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.5-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-6017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvck-7bb6-cqf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105841?format=json","vulnerability_id":"VCID-ryeh-8kus-1bc5","summary":"WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17674","reference_id":"","reference_type":"","scores":[{"value":"0.02484","scoring_system":"epss","scoring_elements":"0.85573","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17674"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459","reference_id":"942459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135362?format=json","purl":"pkg:deb/debian/wordpress@5.2.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17674"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryeh-8kus-1bc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105585?format=json","vulnerability_id":"VCID-s5g7-9b6f-yfc6","summary":"Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0106","reference_id":"","reference_type":"","scores":[{"value":"0.02143","scoring_system":"epss","scoring_elements":"0.84535","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0106"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405691","reference_id":"405691","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405691"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135251?format=json","purl":"pkg:deb/debian/wordpress@2.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5g7-9b6f-yfc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105685?format=json","vulnerability_id":"VCID-s6ca-u4u4-67dj","summary":"Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2400","reference_id":"","reference_type":"","scores":[{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82829","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2400"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124","reference_id":"670124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135287?format=json","purl":"pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6ca-u4u4-67dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3918?format=json","vulnerability_id":"VCID-scs7-a2fa-xqad","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28039","reference_id":"","reference_type":"","scores":[{"value":"0.06686","scoring_system":"epss","scoring_elements":"0.91402","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28039"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scs7-a2fa-xqad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105741?format=json","vulnerability_id":"VCID-segt-uewd-j7f2","summary":"Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3440","reference_id":"","reference_type":"","scores":[{"value":"0.14391","scoring_system":"epss","scoring_elements":"0.94545","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3440"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783554","reference_id":"783554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783554"},{"reference_url":"http://klikki.fi/adv/wordpress2.html","reference_id":"OSVDB-121320;CVE-2015-3440","reference_type":"exploit","scores":[],"url":"http://klikki.fi/adv/wordpress2.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/36844.txt","reference_id":"OSVDB-121320;CVE-2015-3440","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/36844.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135303?format=json","purl":"pkg:deb/debian/wordpress@4.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3440"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-segt-uewd-j7f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105616?format=json","vulnerability_id":"VCID-semv-sj8v-k3eg","summary":"wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4893","reference_id":"","reference_type":"","scores":[{"value":"0.01608","scoring_system":"epss","scoring_elements":"0.82088","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4893"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135260?format=json","purl":"pkg:deb/debian/wordpress@2.2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4893"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-semv-sj8v-k3eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105701?format=json","vulnerability_id":"VCID-sjsv-4uy2-aqct","summary":"WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6707","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39604","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6707"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880868","reference_id":"880868","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135293?format=json","purl":"pkg:deb/debian/wordpress@6.8.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-6707"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjsv-4uy2-aqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105703?format=json","vulnerability_id":"VCID-srnq-hfrc-63a4","summary":"Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0236","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.6211","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0236"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698927","reference_id":"698927","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135289?format=json","purl":"pkg:deb/debian/wordpress@3.5.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0236"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srnq-hfrc-63a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105732?format=json","vulnerability_id":"VCID-stra-6431-kyew","summary":"Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9035","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9035"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-stra-6431-kyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105666?format=json","vulnerability_id":"VCID-sx3x-jwwk-yfc9","summary":"Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0700","reference_id":"","reference_type":"","scores":[{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.78113","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0700"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135284?format=json","purl":"pkg:deb/debian/wordpress@3.0.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0700"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sx3x-jwwk-yfc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3924?format=json","vulnerability_id":"VCID-t78k-a5p3-ekd3","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28033","reference_id":"","reference_type":"","scores":[{"value":"0.01258","scoring_system":"epss","scoring_elements":"0.79732","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28033"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t78k-a5p3-ekd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105644?format=json","vulnerability_id":"VCID-tajn-nz9a-pued","summary":"wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6767","reference_id":"","reference_type":"","scores":[{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73289","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6767"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531736","reference_id":"531736","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-6767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tajn-nz9a-pued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105713?format=json","vulnerability_id":"VCID-tc8g-gatd-sfgy","summary":"wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4338","reference_id":"","reference_type":"","scores":[{"value":"0.09588","scoring_system":"epss","scoring_elements":"0.9302","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537","reference_id":"722537","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135295?format=json","purl":"pkg:deb/debian/wordpress@3.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4338"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc8g-gatd-sfgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105744?format=json","vulnerability_id":"VCID-tcx2-vbrr-xbbs","summary":"Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5714","reference_id":"","reference_type":"","scores":[{"value":"0.30646","scoring_system":"epss","scoring_elements":"0.96811","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140","reference_id":"799140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135305?format=json","purl":"pkg:deb/debian/wordpress@4.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.3.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5714"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcx2-vbrr-xbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105828?format=json","vulnerability_id":"VCID-tdyq-g7qp-ekcf","summary":"WordPress before 5.2.3 allows XSS in stored comments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16218","reference_id":"","reference_type":"","scores":[{"value":"0.02449","scoring_system":"epss","scoring_elements":"0.85477","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16218"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543","reference_id":"939543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135360?format=json","purl":"pkg:deb/debian/wordpress@5.2.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16218"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdyq-g7qp-ekcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105832?format=json","vulnerability_id":"VCID-th7b-r5hb-xubs","summary":"WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16222","reference_id":"","reference_type":"","scores":[{"value":"0.02377","scoring_system":"epss","scoring_elements":"0.85272","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543","reference_id":"939543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135360?format=json","purl":"pkg:deb/debian/wordpress@5.2.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th7b-r5hb-xubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105819?format=json","vulnerability_id":"VCID-thze-51nr-t3c2","summary":"In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20148","reference_id":"","reference_type":"","scores":[{"value":"0.54862","scoring_system":"epss","scoring_elements":"0.98084","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20148"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403","reference_id":"916403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20148"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thze-51nr-t3c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105680?format=json","vulnerability_id":"VCID-tjhd-vbej-6bdj","summary":"wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5270","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66603","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5270"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-5270"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tjhd-vbej-6bdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105600?format=json","vulnerability_id":"VCID-tkc4-bhhm-dfgg","summary":"Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators.  However, it has been patched by at least one vendor","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1732","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64217","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1732"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135257?format=json","purl":"pkg:deb/debian/wordpress@2.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1732"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkc4-bhhm-dfgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105614?format=json","vulnerability_id":"VCID-txss-a2ve-67gu","summary":"Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4165","reference_id":"","reference_type":"","scores":[{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80065","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4165"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txss-a2ve-67gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105850?format=json","vulnerability_id":"VCID-u2g8-1k4q-cud5","summary":"In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11028","reference_id":"","reference_type":"","scores":[{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76709","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11028"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391","reference_id":"959391","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135364?format=json","purl":"pkg:deb/debian/wordpress@5.4.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-11028"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2g8-1k4q-cud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105788?format=json","vulnerability_id":"VCID-udwx-b2q5-wfh8","summary":"wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17093","reference_id":"","reference_type":"","scores":[{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91967","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17093"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314","reference_id":"883314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135314?format=json","purl":"pkg:deb/debian/wordpress@4.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-17093"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udwx-b2q5-wfh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6661?format=json","vulnerability_id":"VCID-uet7-ayb1-k7be","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5488","reference_id":"","reference_type":"","scores":[{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75747","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310","reference_id":"851310","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310"},{"reference_url":"https://security.archlinux.org/ASA-201701-22","reference_id":"ASA-201701-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-22"},{"reference_url":"https://security.archlinux.org/AVG-142","reference_id":"AVG-142","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135334?format=json","purl":"pkg:deb/debian/wordpress@4.7.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5488"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uet7-ayb1-k7be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105820?format=json","vulnerability_id":"VCID-uh2s-rh42-g3dp","summary":"In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20149","reference_id":"","reference_type":"","scores":[{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20149"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403","reference_id":"916403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20149"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh2s-rh42-g3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105660?format=json","vulnerability_id":"VCID-ujfc-ga1f-fkfb","summary":"The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5106","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53817","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5106"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135282?format=json","purl":"pkg:deb/debian/wordpress@3.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-5106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujfc-ga1f-fkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105870?format=json","vulnerability_id":"VCID-ukah-fz6r-jfe2","summary":"Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43497","reference_id":"","reference_type":"","scores":[{"value":"0.01716","scoring_system":"epss","scoring_elements":"0.82713","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022575","reference_id":"1022575","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135374?format=json","purl":"pkg:deb/debian/wordpress@5.7.8%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.8%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135373?format=json","purl":"pkg:deb/debian/wordpress@6.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-43497"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukah-fz6r-jfe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105664?format=json","vulnerability_id":"VCID-up7r-kdsk-sue2","summary":"wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5296","reference_id":"","reference_type":"","scores":[{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.61257","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135281?format=json","purl":"pkg:deb/debian/wordpress@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-5296"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-up7r-kdsk-sue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105564?format=json","vulnerability_id":"VCID-ut53-9dma-5ye8","summary":"Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4600","reference_id":"","reference_type":"","scores":[{"value":"0.17865","scoring_system":"epss","scoring_elements":"0.95264","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4600"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/4441.txt","reference_id":"OSVDB-44920;CVE-2007-5055;OSVDB-44919;CVE-2007-5054;CVE-2007-5053;OSVDB-39586;OSVDB-39585;OSVDB-39584;OSVDB-39583;CVE-2005-4600;OSVDB-39582;OSVDB-22116","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/4441.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135241?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-4600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ut53-9dma-5ye8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105835?format=json","vulnerability_id":"VCID-utzm-sjm8-3qdh","summary":"In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16781","reference_id":"","reference_type":"","scores":[{"value":"0.03486","scoring_system":"epss","scoring_elements":"0.87794","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16781"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905","reference_id":"946905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135361?format=json","purl":"pkg:deb/debian/wordpress@5.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16781"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utzm-sjm8-3qdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105862?format=json","vulnerability_id":"VCID-uu7t-yf1r-ukey","summary":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39202","reference_id":"","reference_type":"","scores":[{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74707","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135240?format=json","purl":"pkg:deb/debian/wordpress@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-39202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uu7t-yf1r-ukey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105804?format=json","vulnerability_id":"VCID-uvp8-atns-buap","summary":"In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9061","reference_id":"","reference_type":"","scores":[{"value":"0.03308","scoring_system":"epss","scoring_elements":"0.8747","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9061"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816","reference_id":"862816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135343?format=json","purl":"pkg:deb/debian/wordpress@4.7.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9061"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvp8-atns-buap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105708?format=json","vulnerability_id":"VCID-v19k-3uep-33bu","summary":"Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2201","reference_id":"","reference_type":"","scores":[{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73491","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v19k-3uep-33bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6659?format=json","vulnerability_id":"VCID-v28c-t67z-8bh1","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5490","reference_id":"","reference_type":"","scores":[{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80123","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310","reference_id":"851310","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310"},{"reference_url":"https://security.archlinux.org/ASA-201701-22","reference_id":"ASA-201701-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-22"},{"reference_url":"https://security.archlinux.org/AVG-142","reference_id":"AVG-142","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135334?format=json","purl":"pkg:deb/debian/wordpress@4.7.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5490"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v28c-t67z-8bh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105749?format=json","vulnerability_id":"VCID-v2yx-kp5s-e3b2","summary":"Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5733","reference_id":"","reference_type":"","scores":[{"value":"0.01502","scoring_system":"epss","scoring_elements":"0.81477","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5733"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560","reference_id":"794560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135300?format=json","purl":"pkg:deb/debian/wordpress@4.2.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2yx-kp5s-e3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105619?format=json","vulnerability_id":"VCID-v33c-6dwr-6yhx","summary":"Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5106","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60436","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5106"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135242?format=json","purl":"pkg:deb/debian/wordpress@2.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-5106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v33c-6dwr-6yhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105653?format=json","vulnerability_id":"VCID-v3fn-v5na-37h2","summary":"Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2854","reference_id":"","reference_type":"","scores":[{"value":"0.01911","scoring_system":"epss","scoring_elements":"0.83628","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135274?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2854"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3fn-v5na-37h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105610?format=json","vulnerability_id":"VCID-v8nb-u8zr-cfc9","summary":"Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3544","reference_id":"","reference_type":"","scores":[{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79537","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135256?format=json","purl":"pkg:deb/debian/wordpress@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3544"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8nb-u8zr-cfc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105879?format=json","vulnerability_id":"VCID-v95d-ak24-uqbz","summary":"WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including,  6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135380?format=json","purl":"pkg:deb/debian/wordpress@6.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-5692"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v95d-ak24-uqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6772?format=json","vulnerability_id":"VCID-v9aa-vn8u-tfag","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7168","reference_id":"","reference_type":"","scores":[{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74413","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169"},{"reference_url":"https://security.archlinux.org/ASA-201609-32","reference_id":"ASA-201609-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-32"},{"reference_url":"https://security.archlinux.org/AVG-39","reference_id":"AVG-39","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135307?format=json","purl":"pkg:deb/debian/wordpress@4.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-7168"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9aa-vn8u-tfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105742?format=json","vulnerability_id":"VCID-v9kx-rgup-abah","summary":"Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5622","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76938","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135304?format=json","purl":"pkg:deb/debian/wordpress@4.2.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9kx-rgup-abah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105650?format=json","vulnerability_id":"VCID-vbfv-qbc9-pybd","summary":"wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2762","reference_id":"","reference_type":"","scores":[{"value":"0.74127","scoring_system":"epss","scoring_elements":"0.98856","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541102","reference_id":"541102","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541102"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/6397.txt","reference_id":"CVE-2009-2762;OSVDB-56971","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/6397.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/6421.php","reference_id":"CVE-2009-2762;OSVDB-56971","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/6421.php"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/9410.txt","reference_id":"OSVDB-56971;CVE-2009-2762","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/9410.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135276?format=json","purl":"pkg:deb/debian/wordpress@2.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2762"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbfv-qbc9-pybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105581?format=json","vulnerability_id":"VCID-vbre-c8z8-pkau","summary":"wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6016","reference_id":"","reference_type":"","scores":[{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73478","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6016"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135250?format=json","purl":"pkg:deb/debian/wordpress@2.0.5-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.5-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2006-6016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbre-c8z8-pkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105598?format=json","vulnerability_id":"VCID-vdbf-3k6u-g3eb","summary":"wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1599","reference_id":"","reference_type":"","scores":[{"value":"0.01438","scoring_system":"epss","scoring_elements":"0.81052","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1599"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085","reference_id":"437085","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135256?format=json","purl":"pkg:deb/debian/wordpress@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1599"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdbf-3k6u-g3eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105743?format=json","vulnerability_id":"VCID-vp57-uu3b-p7a8","summary":"WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5623","reference_id":"","reference_type":"","scores":[{"value":"0.48368","scoring_system":"epss","scoring_elements":"0.97798","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5623"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135304?format=json","purl":"pkg:deb/debian/wordpress@4.2.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.2.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-5623"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vp57-uu3b-p7a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105549?format=json","vulnerability_id":"VCID-vv1v-hhpg-17ax","summary":"Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1559","reference_id":"","reference_type":"","scores":[{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80296","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1559"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24641.txt","reference_id":"CVE-2004-1559;OSVDB-10410","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24641.txt"},{"reference_url":"https://www.securityfocus.com/bid/11268/info","reference_id":"CVE-2004-1559;OSVDB-10410","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/11268/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24642.txt","reference_id":"CVE-2004-1559;OSVDB-10411","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24642.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24643.txt","reference_id":"CVE-2004-1559;OSVDB-10412","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24643.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24644.txt","reference_id":"CVE-2004-1559;OSVDB-10413","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24644.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24645.txt","reference_id":"CVE-2004-1559;OSVDB-10414","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24645.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24646.txt","reference_id":"CVE-2004-1559;OSVDB-10415","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24646.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135233?format=json","purl":"pkg:deb/debian/wordpress@1.2.2-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.2.2-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2004-1559"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vv1v-hhpg-17ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105624?format=json","vulnerability_id":"VCID-vy5b-wcju-23ep","summary":"Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0192","reference_id":"","reference_type":"","scores":[{"value":"0.02111","scoring_system":"epss","scoring_elements":"0.8442","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0192"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30977.txt","reference_id":"CVE-2008-0192;OSVDB-40224","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30977.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30978.txt","reference_id":"CVE-2008-0192;OSVDB-40225","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30978.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135264?format=json","purl":"pkg:deb/debian/wordpress@2.0.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-0192"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vy5b-wcju-23ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105611?format=json","vulnerability_id":"VCID-vykh-pyk1-1bhm","summary":"WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3639","reference_id":"","reference_type":"","scores":[{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78794","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3639"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135256?format=json","purl":"pkg:deb/debian/wordpress@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3639"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vykh-pyk1-1bhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105878?format=json","vulnerability_id":"VCID-w468-s3yn-f3g5","summary":"WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135376?format=json","purl":"pkg:deb/debian/wordpress@6.1.6%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.6%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135379?format=json","purl":"pkg:deb/debian/wordpress@6.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-5561"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w468-s3yn-f3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105641?format=json","vulnerability_id":"VCID-w4pd-cn94-2uh9","summary":"Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5278.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5278.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5278","reference_id":"","reference_type":"","scores":[{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87149","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5278"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=473577","reference_id":"473577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=473577"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507193","reference_id":"507193","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507193"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135272?format=json","purl":"pkg:deb/debian/wordpress@2.5.1-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.5.1-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-5278"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pd-cn94-2uh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105834?format=json","vulnerability_id":"VCID-w5m3-hthy-5kfb","summary":"WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16780","reference_id":"","reference_type":"","scores":[{"value":"0.03606","scoring_system":"epss","scoring_elements":"0.87987","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905","reference_id":"946905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135361?format=json","purl":"pkg:deb/debian/wordpress@5.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16780"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5m3-hthy-5kfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105609?format=json","vulnerability_id":"VCID-w5pn-72e6-mubg","summary":"Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3543","reference_id":"","reference_type":"","scores":[{"value":"0.01689","scoring_system":"epss","scoring_elements":"0.82567","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135259?format=json","purl":"pkg:deb/debian/wordpress@2.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3543"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5pn-72e6-mubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105791?format=json","vulnerability_id":"VCID-w7u7-ghcz-dfaa","summary":"wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5610","reference_id":"","reference_type":"","scores":[{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75379","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767","reference_id":"852767","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135315?format=json","purl":"pkg:deb/debian/wordpress@4.7.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5610"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7u7-ghcz-dfaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105872?format=json","vulnerability_id":"VCID-wkxe-dtxv-17e6","summary":"Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43504","reference_id":"","reference_type":"","scores":[{"value":"0.02475","scoring_system":"epss","scoring_elements":"0.85553","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43504"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022575","reference_id":"1022575","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135374?format=json","purl":"pkg:deb/debian/wordpress@5.7.8%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.8%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135373?format=json","purl":"pkg:deb/debian/wordpress@6.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-43504"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkxe-dtxv-17e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3921?format=json","vulnerability_id":"VCID-ws42-mg4c-4kga","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28036","reference_id":"","reference_type":"","scores":[{"value":"0.06383","scoring_system":"epss","scoring_elements":"0.91176","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562","reference_id":"973562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562"},{"reference_url":"https://security.archlinux.org/ASA-202011-3","reference_id":"ASA-202011-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-3"},{"reference_url":"https://security.archlinux.org/AVG-1257","reference_id":"AVG-1257","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135366?format=json","purl":"pkg:deb/debian/wordpress@5.5.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.5.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28036"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws42-mg4c-4kga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105551?format=json","vulnerability_id":"VCID-ws4g-qufg-zfej","summary":"SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1687","reference_id":"","reference_type":"","scores":[{"value":"0.00837","scoring_system":"epss","scoring_elements":"0.75018","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1687"},{"reference_url":"https://security.gentoo.org/glsa/200506-04","reference_id":"GLSA-200506-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200506-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135235?format=json","purl":"pkg:deb/debian/wordpress@1.5.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-1687"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws4g-qufg-zfej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105827?format=json","vulnerability_id":"VCID-wtzt-7dy5-8fgr","summary":"WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16217","reference_id":"","reference_type":"","scores":[{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85832","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16217"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543","reference_id":"939543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135360?format=json","purl":"pkg:deb/debian/wordpress@5.2.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16217"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtzt-7dy5-8fgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105756?format=json","vulnerability_id":"VCID-wu41-pj8w-bfdg","summary":"The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2222","reference_id":"","reference_type":"","scores":[{"value":"0.05172","scoring_system":"epss","scoring_elements":"0.90075","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813697","reference_id":"813697","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813697"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135309?format=json","purl":"pkg:deb/debian/wordpress@4.4.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.4.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-2222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wu41-pj8w-bfdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105628?format=json","vulnerability_id":"VCID-wzmz-um23-fqge","summary":"Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \\..\\..\\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0196","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48039","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0196"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135265?format=json","purl":"pkg:deb/debian/wordpress@2.3.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.3.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2008-0196"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzmz-um23-fqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105704?format=json","vulnerability_id":"VCID-x7z7-1frq-9ugk","summary":"Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0237","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62846","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698929","reference_id":"698929","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698929"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135289?format=json","purl":"pkg:deb/debian/wordpress@3.5.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0237"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7z7-1frq-9ugk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105691?format=json","vulnerability_id":"VCID-x8fw-ufph-tqej","summary":"Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3384","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39193","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721","reference_id":"680721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135288?format=json","purl":"pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3384"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8fw-ufph-tqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105877?format=json","vulnerability_id":"VCID-xd3p-y51v-jyah","summary":"Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135376?format=json","purl":"pkg:deb/debian/wordpress@6.1.6%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.6%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135379?format=json","purl":"pkg:deb/debian/wordpress@6.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-39999"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xd3p-y51v-jyah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105851?format=json","vulnerability_id":"VCID-xras-kgw1-d7ch","summary":"In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11029","reference_id":"","reference_type":"","scores":[{"value":"0.0265","scoring_system":"epss","scoring_elements":"0.86038","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11029"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391","reference_id":"959391","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135364?format=json","purl":"pkg:deb/debian/wordpress@5.4.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.4.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-11029"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xras-kgw1-d7ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105866?format=json","vulnerability_id":"VCID-xsaq-r2ru-hfan","summary":"WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21662","reference_id":"","reference_type":"","scores":[{"value":"0.14241","scoring_system":"epss","scoring_elements":"0.94521","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21662"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243","reference_id":"1003243","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135372?format=json","purl":"pkg:deb/debian/wordpress@5.7.5%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.5%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135371?format=json","purl":"pkg:deb/debian/wordpress@5.8.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.8.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-21662"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsaq-r2ru-hfan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105837?format=json","vulnerability_id":"VCID-xsyx-j96p-jucj","summary":"WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17670","reference_id":"","reference_type":"","scores":[{"value":"0.0554","scoring_system":"epss","scoring_elements":"0.90426","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17670"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459","reference_id":"942459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135362?format=json","purl":"pkg:deb/debian/wordpress@5.2.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.2.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17670"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsyx-j96p-jucj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105860?format=json","vulnerability_id":"VCID-xycz-421s-uqhw","summary":"Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29450","reference_id":"","reference_type":"","scores":[{"value":"0.0208","scoring_system":"epss","scoring_elements":"0.84295","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29450"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987065","reference_id":"987065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987065"},{"reference_url":"https://security.archlinux.org/AVG-1831","reference_id":"AVG-1831","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1831"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135367?format=json","purl":"pkg:deb/debian/wordpress@5.7.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29450"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xycz-421s-uqhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105765?format=json","vulnerability_id":"VCID-xyfj-8a78-h7da","summary":"WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5838","reference_id":"","reference_type":"","scores":[{"value":"0.01728","scoring_system":"epss","scoring_elements":"0.82783","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5839"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135312?format=json","purl":"pkg:deb/debian/wordpress@4.5.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.5.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5838"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyfj-8a78-h7da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105733?format=json","vulnerability_id":"VCID-xyrb-ygv3-wfd4","summary":"Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9036","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425","reference_id":"770425","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135299?format=json","purl":"pkg:deb/debian/wordpress@4.0.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.0.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9036"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyrb-ygv3-wfd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105707?format=json","vulnerability_id":"VCID-xz87-8yau-q3cq","summary":"WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2200","reference_id":"","reference_type":"","scores":[{"value":"0.01395","scoring_system":"epss","scoring_elements":"0.8073","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2200"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz87-8yau-q3cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4155?format=json","vulnerability_id":"VCID-y66s-wy16-afa8","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8942","reference_id":"","reference_type":"","scores":[{"value":"0.93445","scoring_system":"epss","scoring_elements":"0.99828","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942"},{"reference_url":"https://security.archlinux.org/AVG-910","reference_id":"AVG-910","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-910"},{"reference_url":"https://gist.github.com/allyshka/f159c0b43f1374f87f2c3817d6401fd6","reference_id":"CVE-2019-8943;CVE-2019-8942","reference_type":"exploit","scores":[],"url":"https://gist.github.com/allyshka/f159c0b43f1374f87f2c3817d6401fd6"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46662.rb","reference_id":"CVE-2019-8943;CVE-2019-8942","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46662.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46511.js","reference_id":"CVE-2019-8943;CVE-2019-8942","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46511.js"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_crop_rce.rb","reference_id":"CVE-2019-8943;CVE-2019-8942","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_crop_rce.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135349?format=json","purl":"pkg:deb/debian/wordpress@5.0.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.0.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-8942"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y66s-wy16-afa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105806?format=json","vulnerability_id":"VCID-y6j6-qe38-3qef","summary":"In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9062","reference_id":"","reference_type":"","scores":[{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.8248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9062"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816","reference_id":"862816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135343?format=json","purl":"pkg:deb/debian/wordpress@4.7.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9062"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6j6-qe38-3qef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105724?format=json","vulnerability_id":"VCID-y9z1-2yhb-f3bt","summary":"Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5240","reference_id":"","reference_type":"","scores":[{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.7076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312","reference_id":"757312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135298?format=json","purl":"pkg:deb/debian/wordpress@3.9.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.9.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5240"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9z1-2yhb-f3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105843?format=json","vulnerability_id":"VCID-ywfg-12xc-v3a6","summary":"wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript&colon; substring.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20041","reference_id":"","reference_type":"","scores":[{"value":"0.01366","scoring_system":"epss","scoring_elements":"0.80527","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20041"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905","reference_id":"946905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135361?format=json","purl":"pkg:deb/debian/wordpress@5.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-20041"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywfg-12xc-v3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105778?format=json","vulnerability_id":"VCID-yxa4-etp6-8uhd","summary":"Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14722","reference_id":"","reference_type":"","scores":[{"value":"0.30547","scoring_system":"epss","scoring_elements":"0.96803","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14722"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274","reference_id":"876274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135317?format=json","purl":"pkg:deb/debian/wordpress@4.8.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.8.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14722"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxa4-etp6-8uhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105717?format=json","vulnerability_id":"VCID-z4tr-5bg6-mqcp","summary":"The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5739","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48527","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135295?format=json","purl":"pkg:deb/debian/wordpress@3.6.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.6.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-5739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4tr-5bg6-mqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105690?format=json","vulnerability_id":"VCID-z7gt-6p4n-nfcj","summary":"The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3383","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35784","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3383"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721","reference_id":"680721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680721"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135288?format=json","purl":"pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7gt-6p4n-nfcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6658?format=json","vulnerability_id":"VCID-zay2-3jb2-dkdj","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5491","reference_id":"","reference_type":"","scores":[{"value":"0.01622","scoring_system":"epss","scoring_elements":"0.82173","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310","reference_id":"851310","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310"},{"reference_url":"https://security.archlinux.org/ASA-201701-22","reference_id":"ASA-201701-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-22"},{"reference_url":"https://security.archlinux.org/AVG-142","reference_id":"AVG-142","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135334?format=json","purl":"pkg:deb/debian/wordpress@4.7.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5491"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zay2-3jb2-dkdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6662?format=json","vulnerability_id":"VCID-zbqa-xsg6-fqaz","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5487","reference_id":"","reference_type":"","scores":[{"value":"0.92497","scoring_system":"epss","scoring_elements":"0.99748","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5487"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310","reference_id":"851310","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310"},{"reference_url":"https://security.archlinux.org/ASA-201701-22","reference_id":"ASA-201701-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-22"},{"reference_url":"https://security.archlinux.org/AVG-142","reference_id":"AVG-142","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-142"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41497.php","reference_id":"CVE-2017-5487","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41497.php"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135334?format=json","purl":"pkg:deb/debian/wordpress@4.7.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@4.7.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5487"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbqa-xsg6-fqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105673?format=json","vulnerability_id":"VCID-zfmh-t2mp-7fca","summary":"WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3128","reference_id":"","reference_type":"","scores":[{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78432","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3128"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135285?format=json","purl":"pkg:deb/debian/wordpress@3.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3128"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfmh-t2mp-7fca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105694?format=json","vulnerability_id":"VCID-zfre-ce8m-37cc","summary":"The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4421","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42524","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4421"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135290?format=json","purl":"pkg:deb/debian/wordpress@3.4.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.4.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4421"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfre-ce8m-37cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105710?format=json","vulnerability_id":"VCID-zmgt-3fur-vbdg","summary":"WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2203","reference_id":"","reference_type":"","scores":[{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76067","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947","reference_id":"713947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135294?format=json","purl":"pkg:deb/debian/wordpress@3.5.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmgt-3fur-vbdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105555?format=json","vulnerability_id":"VCID-zp8e-atne-s3au","summary":"Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2107","reference_id":"","reference_type":"","scores":[{"value":"0.00912","scoring_system":"epss","scoring_elements":"0.76237","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2107"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402","reference_id":"316402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316402"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135237?format=json","purl":"pkg:deb/debian/wordpress@1.5.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2107"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zp8e-atne-s3au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105608?format=json","vulnerability_id":"VCID-zs2c-hwv5-zuew","summary":"Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622.  NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3238","reference_id":"","reference_type":"","scores":[{"value":"0.01473","scoring_system":"epss","scoring_elements":"0.81282","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135256?format=json","purl":"pkg:deb/debian/wordpress@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3238"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zs2c-hwv5-zuew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105657?format=json","vulnerability_id":"VCID-zsyz-ws5f-83dk","summary":"WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0682","reference_id":"","reference_type":"","scores":[{"value":"0.24987","scoring_system":"epss","scoring_elements":"0.96272","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0682"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/11441.txt","reference_id":"CVE-2010-0682;OSVDB-62330","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/11441.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135279?format=json","purl":"pkg:deb/debian/wordpress@2.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2010-0682"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsyz-ws5f-83dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105561?format=json","vulnerability_id":"VCID-zu24-8qyu-6fgv","summary":"Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2612","reference_id":"","reference_type":"","scores":[{"value":"0.73416","scoring_system":"epss","scoring_elements":"0.9882","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323040","reference_id":"323040","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323040"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/16895.rb","reference_id":"CVE-2005-2612;OSVDB-18672","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/16895.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135239?format=json","purl":"pkg:deb/debian/wordpress@1.5.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.5.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135230?format=json","purl":"pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eg3u-uaqx-m7f2"},{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135228?format=json","purl":"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sjsv-4uy2-aqct"},{"vulnerability":"VCID-v95d-ak24-uqbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135232?format=json","purl":"pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135231?format=json","purl":"pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2612"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zu24-8qyu-6fgv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie"}