Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-x6q5-r1bc-m7bm

Summary CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.

Aliases

alias	CVE-2004-1584

Fixed_packages

url	pkg:deb/debian/wordpress@1.2.1-1.1?distro=trixie
purl	pkg:deb/debian/wordpress@1.2.1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@1.2.1-1.1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

vulnerability	VCID-tj4y-uey5-tff8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4r41-ecb5-xbe8

vulnerability	VCID-qt8k-3a84-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

url	pkg:ebuild/www-apps/wordpress@1.2.2
purl	pkg:ebuild/www-apps/wordpress@1.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/wordpress@1.2.2

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1584

reference_id

reference_type

scores

value	0.16
scoring_system	epss
scoring_elements	0.94879
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1584

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1584
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1584

reference_url	https://security.gentoo.org/glsa/200410-12
reference_id	GLSA-200410-12
reference_type
scores
url	https://security.gentoo.org/glsa/200410-12

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/570.txt
reference_id	OSVDB-10595;CVE-2004-1584
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/570.txt

Weaknesses

Exploits

date_added	2004-10-09
description	WordPress Core 1.2 - HTTP Splitting
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2004-10-10
exploit_type	webapps
platform	php
source_date_updated	2016-04-12
data_source	Exploit-DB
source_url

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6q5-r1bc-m7bm

Vulnerability Instance