Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie

Type deb

Namespace debian

Name wordpress

Version 3.3.2+dfsg-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.4+dfsg-1

Latest_non_vulnerable_version 6.9.4+dfsg1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3eft-99gx-ukf9

vulnerability_id VCID-3eft-99gx-ukf9

summary wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2403

reference_id

reference_type

scores

value	0.03128
scoring_system	epss
scoring_elements	0.87077
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2403

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124
reference_id	670124
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124

fixed_packages

url	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-2403

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3eft-99gx-ukf9

url VCID-49a7-461y-mkfb

vulnerability_id VCID-49a7-461y-mkfb

summary Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2400

reference_id

reference_type

scores

value	0.01738
scoring_system	epss
scoring_elements	0.82797
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2400

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124
reference_id	670124
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124

fixed_packages

url	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-2400

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49a7-461y-mkfb

url VCID-f4xp-wcxs-sbhs

vulnerability_id VCID-f4xp-wcxs-sbhs

summary Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2399

reference_id

reference_type

scores

value	0.03863
scoring_system	epss
scoring_elements	0.88417
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2399

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2399
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2399

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124
reference_id	670124
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124

fixed_packages

url	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-2399

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4xp-wcxs-sbhs

url VCID-s5aa-vvyb-dudf

vulnerability_id VCID-s5aa-vvyb-dudf

summary wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2404

reference_id

reference_type

scores

value	0.02327
scoring_system	epss
scoring_elements	0.8508
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2404

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124
reference_id	670124
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124

fixed_packages

url	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-2404

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5aa-vvyb-dudf

url VCID-txu1-guw9-33gb

vulnerability_id VCID-txu1-guw9-33gb

summary wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2402

reference_id

reference_type

scores

value	0.01272
scoring_system	epss
scoring_elements	0.79832
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2402

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124
reference_id	670124
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124

fixed_packages

url	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-2402

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txu1-guw9-33gb

url VCID-u7g8-93pv-6qh2

vulnerability_id VCID-u7g8-93pv-6qh2

summary Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2401

reference_id

reference_type

scores

value	0.01046
scoring_system	epss
scoring_elements	0.77787
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2401

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124
reference_id	670124
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124

fixed_packages

url	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/wordpress@3.3.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2012-2401

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u7g8-93pv-6qh2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.3.2%252Bdfsg-1%3Fdistro=trixie

Package Instance