CVE-2006-0986 — Wordpress vulnerability

8 documents4 sources

Severity

5.0MEDIUMNVD

OSV5.3

EPSS

2.2%

top 15.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedMar 3

Latest updateMay 1

Description

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes direc…

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.0.2-1 (bookworm)+1

▶Debianwordpress/wordpress< 2.0.5-0.1+7

▶NVDwordpress/wordpress14 versions+13

Patches

Patch: neosecurityteam.net ↗Patch: neosecurityteam.net ↗

🔴Vulnerability Details

GHSA

GHSA-x3q2-3pwv-684v: WordPress 2↗2022-05-01

▶

GHSA

GHSA-6vgm-3w54-5w82: WordPress 2↗2022-05-01

▶

OSV

CVE-2006-4743: WordPress 2↗2006-09-13

▶

OSV

CVE-2006-0986: WordPress 2↗2006-03-03

▶

📋Vendor Advisories

Debian

CVE-2006-0986: wordpress - WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive informat...↗2006

▶

Debian

CVE-2006-4743: wordpress - WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive inform...↗2006

▶