WordPress plugin Relocate Upload is vulnerable to arbitrary file inclusion

What is Relocate?

Relocate Upload lets you specify folders, and adds a menu to the Media Library (and the Edit Media admin page) that lets you switch media items between these folders and WP's default upload location.

Description

A vulnerability has been discovered in the Relocate Upload plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

Input passed via the “abspath” parameter to wp-content/plugins/relocate_upload/relocate-upload.php (when “ru_folder” is set) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
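As an added illustration (not the plugin's actual code, which this post does not show), here is the include pattern described above as a hypothetical reconstruction, next to the hardened shape a defender would want: the WordPress root comes from the server-side ABSPATH constant, and the folder switch accepts only admin-configured folder keys that resolve inside the uploads directory. The function names, the configured-folder map and the temp-directory demo are assumptions.

```php
<?php
// Added example, not the Relocate Upload plugin's source: the advisory's include pattern
// reconstructed as a hypothetical, beside a hardened version.

// ILLUSTRATIVE VULNERABLE PATTERN: the request decides where include() looks for WordPress.
// Returns the path that would be handed to include(); nothing is actually included here.
function vulnerable_bootstrap_target(array $request): ?string
{
    if (isset($request['ru_folder'], $request['abspath'])) {
        return $request['abspath'] . 'wp-load.php';   // unchecked: a URL or traversal string passes through
    }
    return null;
}

// HARDENED: the WordPress root never comes from the request. When WordPress loads the
// plugin, ABSPATH is already defined; a direct request to the plugin file gets nothing.
function hardened_bootstrap_target(array $request): ?string
{
    if (!defined('ABSPATH')) {
        return null;                                   // same effect as the usual defined('ABSPATH') || exit guard
    }
    return ABSPATH . 'wp-load.php';                    // server-side constant only
}

// The folder switch itself: ru_folder selects one of the admin-configured folders by key,
// never a caller-supplied path, and the result must resolve inside the uploads directory.
function resolve_relocate_folder(string $requested, array $configured, string $uploadsBase): ?string
{
    if (!array_key_exists($requested, $configured)) {
        return null;                                   // not a configured folder key
    }
    $base   = realpath($uploadsBase);
    $target = realpath($uploadsBase . DIRECTORY_SEPARATOR . $configured[$requested]);
    if ($base === false || $target === false) {
        return null;                                   // directory does not exist
    }
    if ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                                   // resolved outside the uploads tree
    }
    return $target;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        fwrite(STDERR, "FAILED: $what\n");
        exit(1);
    }
}

// Demo on a constructed uploads tree in the system temp directory.
$uploads = sys_get_temp_dir() . '/ru_demo_' . getmypid();
mkdir($uploads . '/photos', 0700, true);
$configured = ['photos' => 'photos', 'bad' => '../..'];   // 'bad' simulates a misconfigured entry
$hostile = ['ru_folder' => 'photos', 'abspath' => 'http://example.invalid/'];   // constructed input

check(resolve_relocate_folder('photos', $configured, $uploads) === realpath($uploads . '/photos'), 'allowed folder resolves');
check(resolve_relocate_folder('bad', $configured, $uploads) === null, 'folder escaping uploads is rejected');
check(resolve_relocate_folder('not-a-key', $configured, $uploads) === null, 'unknown key is rejected');
check(vulnerable_bootstrap_target($hostile) === 'http://example.invalid/wp-load.php', 'vulnerable pattern passes the URL through');
check(hardened_bootstrap_target($hostile) === null, 'hardened pattern refuses a direct request');

rmdir($uploads . '/photos');
rmdir($uploads);
echo "all checks passed\n";
```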

We all know WordPress is a popular blogging platform. Not only that, we can build any kind of site by customizing this software. As I can't afford the hosting fees, I have to stay with Blogger. Maintaining a WordPress site is a bit difficult; plugins are common for WordPress and they make the task easy. Bloggers without any programming knowledge can go with WordPress. Nowadays WordPress sites are getting hacked due to the use of vulnerable plugins. Here I share a list of vulnerable plugins. You must uninstall them if you are currently using them.

Date Description Status

2011-11-01 WordPress WP Glossary plugin SQL Injection Vulnerability Published

2011-10-31 WordPress Classipress Theme <= 3.1.4 Stored XSS Published

2011-10-31 WordPress WP Glossary Plugin SQL Injection Published

2011-10-28 WordPress wptouch plugin SQL Injection Vulnerability Published

2011-10-15 WordPress Photo Album Plus <= 4.1.1 SQL Injection Vulnerability Published

2011-10-13 WordPress Pretty Link 1.4.56 Cross Site Scripting Published

2011-10-13 WordPress GD Star Rating plugin <= 1.9.10 SQL Injection Published

2011-10-06 Packet storm WordPress Redirection 2.2.9 Persistent Cross Site Scripting Published

2011-09-30 WordPress WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability Published

2011-09-25 WordPress Link Library plugin <= 5.2.1 SQL Injection Vulnerability Published

2011-09-21 WordPress Annonces Plugin 1.2.0.0 Remote File Inclusion Published

2011-09-21 WordPress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion Published

2011-09-21 WordPress WPEasyStats Plugin 1.8 Remote File Inclusion Published

2011-09-21 WordPress Zingiri Web Shop Plugin 2.2.0 Remote File Inclusion Published

2011-09-21 WordPress AllWebMenus Plugin 1.1.3 Remote File Inclusion Published

2011-09-21 WordPress Mailing List Plugin 1.3.2 Remote File Inclusion Published

2011-09-21 WordPress TheCartPress Plugin 1.1.1 Remote File Inclusion Published

2011-09-21 WordPress Disclosure Policy Plugin 1.0 Remote File Inclusion Published

2011-09-21 WordPress Relocate Upload Plugin 0.14 Remote File Inclusion Published

2011-09-21 WordPress Livesig Plugin 0.4 Remote File Inclusion Published

2011-09-21 WordPress Filedownload Plugin 0.1 (download.php) Remote File Disclosure Vulnerability Published

2011-09-21 Multiple WordPress Plugin timthumb.php Vulnerabilities Published

2011-09-19 WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability Published

2011-09-18 WordPress Auctions plugin <= 1.8.8 SQL Injection Vulnerability Published

2011-09-14 WordPress WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability Published

2011-09-13 WordPress 1 Flash Gallery Plugin Arbitrary File Upload Exploit (MSF) Published

2011-09-10 WordPress Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability Published

2011-09-10 WordPress Event Registration plugin <= 5.4.3 SQL Injection Published

2011-09-10 WordPress Couponer plugin <= 1.2 SQL Injection Published

2011-09-10 WordPress SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability Published

2011-09-10 WordPress Advertizer plugin <= 1.0 SQL Injection Vulnerability Published

2011-09-10 WordPress WP Bannerize plugin <= 2.8.6 SQL Injection Published

2011-09-10 WordPress wp audio gallery playlist plugin <= 0.12 SQL Injection Published

2011-09-10 WordPress iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Published

2011-09-10 WordPress Donation plugin <= 1.0 SQL Injection Published

2011-09-10 WordPress Crawl Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability Published

2011-09-10 WordPress PureHTML plugin <= 1.0.0 SQL Injection Published

2011-09-10 WordPress Facebook Opengraph Meta Plugin plugin <= 1.0 SQL Injection Vulnerability Published

2011-09-10 WordPress Image Gallery with Slideshow plugin <= 1.5 Multiple Vulnerabilities Published

2011-09-10 WordPress yolink Search plugin <= 1.1.4 SQL Injection Published

2011-09-10 WordPress VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability Published

2011-09-10 WordPress SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability Published

2011-09-10 WordPress grapefile plugin <= 1.1 Arbitrary File Upload Published

2011-08-29 WordPress Photoracer 1.0 Cross Site Scripting / SQL Injection Published

2011-08-29 WordPress TimThumb Plugin – Remote Code Execution Published

2011-08-29 WordPress mySTAT plugin <= 2.6 SQL Injection Vulnerability Published

2011-08-29 WordPress Block-Spam-By-Math-Reloaded Plugin Bypass Published

2011-08-29 WordPress Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability Published

2011-08-29 WordPress MM Duplicate plugin <= 1.2 SQL Injection Vulnerability Published

2011-08-29 WordPress Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability Published

2011-08-28 WordPress Photoracer Plugin <= 1.0 Multiple Vulnerabilities Published

2011-08-28 WordPress MM Forms Community plugin <= 1.2.3 SQL Injection Vulnerability Published

2011-08-28 WordPress Js-appointment plugin <= 1.5 SQL Injection Vulnerability Published

2011-08-28 WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability Published

2011-08-28 WordPress Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability Published

2011-08-28 WordPress oQey Headers plugin <= 0.3 SQL Injection Vulnerability Published

2011-08-28 WordPress Photoracer plugin <= 1.0 SQL Injection Vulnerability Published

2011-08-26 WordPress Yoast v4.1.3 Local File Disclosure Vulnerability Published

2011-08-21 WordPress UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability Published

2011-08-18 WordPress Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability Published

2011-08-18 WordPress Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability Published

2011-08-18 WordPress WP Forum plugin <= 1.7.8 SQL Injection Vulnerability Published

2011-08-18 WordPress File Groups plugin <= 1.1.2 SQL Injection Vulnerability Published

2011-08-18 WordPress WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability Published

2011-08-18 WordPress OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability Published

2011-08-18 WordPress Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability Published

2011-08-18 WordPress Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability Published

2011-08-18 WordPress WP Symposium plugin <= 0.64 SQL Injection Vulnerability Published

2011-07-04 WordPress 3.1.3 SQL Injection Vulnerabilities Published

2011-06-27 WordPress Beer Recipes Plugin v.1.0 XSS Published

2011-06-27 WordPress core 3.1.3 Persistent XSS Vulnerability Published

2011-05-24 Is-human <=1.4.2 WordPress Plugin Remote Command Execution Vulnerability Published

2011-04-28 WordPress SermonBrowser Plugin 0.43 SQL Injection Published

2011-04-26 Ajax Category Dropdown WordPress Plugin 0.1.5 Multiple Vulnerabilities Published

2011-04-06 WordPress WP Custom Pages Plugin 0.5.0.1 LFI Vulnerability Published

2011-03-29 WordPress plugin BackWPup Remote and Local Code Execution Vulnerability Published

2011-03-10 PHP Speedy <= 0.5.2 WordPress Plugin (admin_container.php) Remote Code Exec Exploit Published

2011-03-10 GRAND Flash Album Gallery 0.55 WordPress Plugin Multiple Vulnerabilities Published

2011-02-27 OPS Old Post Spinner 2.2.1 WordPress Plugin LFI Vulnerability Published

2011-02-27 JQuery Mega Menu 1.0 WordPress Plugin Local File Inclusion Published

2011-02-26 Z-Vote 1.1 WordPress Plugin SQL Injection Vulnerability Published

2011-02-25 GigPress 2.1.10 WordPress Plugin Stored XSS Vulnerability Published

2011-02-25 Relevanssi 2.7.2 WordPress Plugin Stored XSS Vulnerability Published

2011-02-25 IWantOneButton 3.0.1 WordPress Plugin Multiple Vulnerabilities Published

2011-02-25 WP Forum Server 1.6.5 WordPress Plugin SQL Injection Vulnerability Published

2011-02-24 Comment Rating 2.9.23 WordPress Plugin Multiple Vulnerabilities Published

2011-02-18 WordPress User Photo Component Remote File Upload Vulnerability Published

2011-02-11 Enable Media Replace WordPress Plugin Multiple Vulnerabilities Published

2010-12-07 SQL injection vulnerability in do_trackbacks() WordPress function Published

2010-11-14 WordPress Event Registration Plugin 5.32 SQL Injection Vulnerability Published

2010-10-20 WordPress plugin mygallerybrowser.php Remote File Upload Vulnerability Published

2010-09-07 WordPress Events Manager Extended Plugin Persistent XSS Vulnerability Published

2010-08-05 WordPress NextGEN Smooth Gallery Blind SQL Injection Vulnerability Published

2010-07-23 WordPress Plugin myLDlinker SQL Injection Vulnerability Published

2010-07-10 WordPress Firestats Remote Configuration File Download Published

2010-06-25 Vulnerabilities in Cimy Counter for WordPress Published

2010-06-08 WordPress Gigya Socialize Plugin Cross-Site Scripting Vulnerabilities Published

2010-04-06 XSS Vulnerability in NextGEN Gallery WordPress Plugin Published

2010-03-02 WordPress 2.9.1 wp-admin Cross-Site Scripting Vulnerability Published

2010-02-23 WordPress Copperleaf Photolog SQL Injection Vulnerability Published

2010-02-19 WordPress script <== x.x.x (Events Plugins) SQL Injection Vulnerability Published

2010-02-19 WordPress 2.9 plugin wp-wall (XSS) Cross Site Scripting Vulnerability Published

2010-02-19 Joomla JD-WordPress Remote File Include Exploit Published

2010-02-19 WordPress Resource exhaustion Exploit Published

2010-02-19 WordPress Pyrmont V2. SQL Injection Vulnerability Published

2010-02-19 WordPress = 2.9 Failure to Restrict URL Access Published

2010-01-02 WordPress Events Plugin SQL Injection Vulnerability Published

2009-12-31 0day WordPress DOS <= 2.9 Published

2009-12-18 WordPress and Pyrmont V2. SQL Injection Vulnerability Published

2009-12-07 Vulnerabilities in WP-Cumulus for WordPress Published

2009-12-05 WordPress Image Manager Plugins Shell Upload Vulnerability Published

2009-11-25 Vulnerabilities in WP-Cumulus <= 1.20 for WordPress Published

2009-11-13 WordPress Arbitrary File Upload and Cross Site Scripting Vulnerabilities Published

2009-11-13 WordPress Plugin WP-Syntax <= 0.9.1 Remote Command Execution PoC Published

2009-11-11 WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Published

2009-11-11 Fedora Security Update Fixes WordPress-MU Denial of Service Issue Published

2009-11-10 WordPress 2.0 – 2.7.1 admin.php Module Configuration Security Bypass Vulnerability Published

2009-11-10 WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Published

2009-11-10 WordPress MU 1.2.2 – 1.3.1 ‘wp-includes/wpmu-functions.php’ Cross-Site Scripting Vulnerability Published

2009-10-27 Fedora Security Update Fixes WordPress Denial of Service Vulnerability Published

2009-10-23 DM Albums for WordPress “delete_album” Directory Traversal Issue Published

2009-10-22 WordPress < 2.8.1 Security Bypass 0day Published

2009-10-21 WordPress Trackback Remote Denial of Service Vulnerability Published

2009-10-20 JD-WordPress for Joomla “mosConfig_absolute_path” Inclusion Issue Published

2009-10-19 Joomla JD-WordPress 2.0 RC2 Remote File Inclusion Published

2009-09-02 WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures Published

2009-08-28 WP-Syntax for WordPress “test_filter[wp_head]” Code Injection Vulnerability Published

2009-08-27 WordPress Plugin WP-Syntax <= 0.9.1 Remote Command Execution Published

2009-08-24 Debian Security Update Fixes WordPress Security Bypass Vulnerabilities Published

2009-08-17 Fedora Security Update Fixes WordPress-MU Multiple Vulnerabilities Published

2009-08-12 Fedora Security Update Fixes WordPress Admin Pass Reset Vulnerability Published

2009-08-11 WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability Published

2009-08-07 Fedora Security Update Fixes WordPress Privilege Escalation Issues Published

2009-07-30 Fedora Security Update Fixes WordPress Cross Site Scripting Issue Published

2009-07-27 WordPress Plugin FireStats <= 1.6.1(fs_javascript) RFI Vulnerability Published

2009-07-24 WordPress 2.8.1 (url) Remote Cross Site Scripting Exploit Published

2009-07-20 Fedora Security Update Fixes WordPress Security Bypass Vulnerabilities Published

2009-07-15 WordPress Plugin My Category Order <= 2.8 SQL Injection Vulnerability Published

2009-07-10 WordPress Privileges Unchecked in admin.php and Multiple Information Published

2009-07-09 WordPress Media Holder (mediaHolder.php id) SQL Injection vulnerability Published

2009-07-09 WordPress Multiple Security Bypass and Information Disclosure Issues Published

2009-07-02 WordPress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vulnerability Published

2009-06-30 WordPress Plugin DM Albums 1.9.2 Remote File Disclosure Vulnerability Published

2009-06-30 WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability Published

2009-06-29 WordPress Plugin DM Albums 1.9.2 Remote File Inclusion Vuln Published

2009-06-15 WordPress Plugin Photoracer 1.0 (id) SQL Injection Vulnerability Published

2009-05-26 WordPress Plugin Lytebox (wp-lytebox) Local File Inclusion Vulnerability Published

2009-04-15 Fedora Security Update Fixes WordPress-mu Cross Site Scripting Issue Published

2009-03-18 FMoblog Plugin for WordPress “id” Remote SQL Injection Vulnerability Published

2009-03-17 WordPress Plugin fMoblog 2.1 (id) SQL Injection Vulnerability Published

2009-03-10 WordPress MU < 2.7 ‘HOST’ HTTP Header XSS Vulnerability Published

2009-01-12 WordPress plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability Published

2008-12-22 WordPress Plugin Page Flip Image Gallery <= 0.2.2 Remote FD Vuln Published

2008-11-07 Fedora Security Update Fixes WordPress Snoopy Code Execution Published

2008-10-29 WordPress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit Published

2008-10-26 WordPress Media Holder (mediaHolder.php id) SQL Injection Vuln Published

2008-10-17 WordPress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vuln Published

2008-09-15 WordPress “user_login” Column SQL Truncation Vulnerability Published

2008-09-10 WordPress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit Published

2008-09-10 Fedora Security Update Fixes WordPress SSL Enforcement Weakness Published

2008-09-07 WordPress 2.6.1 SQL Column Truncation Vulnerability Published

2008-07-24 WordPress Plugin Download Manager 0.2 Arbitrary File Upload Exploit Published

2008-07-07 Debian Security Update Fixes WordPress Security Bypass Issues Published

2008-05-05 Fedora Security Update Fixes WordPress Privilege Escalation Issue Published

2008-04-28 WordPress Cookie Integrity Protection Privilege Escalation Vulnerability Published

2008-04-24 Spreadsheet for WordPress “ss_id” Remote SQL Injection Vulnerability Published

2008-04-22 WordPress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability Published

2008-03-31 WordPress Plugin Download (dl_id) SQL Injection Vulnerability Published

2008-02-26 WordPress Plugin Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities Published

2008-02-18 Photo Album Plugin for WordPress Multiple SQL Injection Vulnerabilities Published

2008-02-16 WordPress Photo album Remote SQL Injection Vulnerability Published

2008-02-15 WordPress Plugin Simple Forum 2.0-2.1 SQL Injection Vulnerability Published

2008-02-15 WordPress Plugin Simple Forum 1.10-1.11 SQL Injection Vulnerability Published

2008-02-13 Fedora Security Update Fixes WordPress XML-RPC Post Editing Issue Published

2008-02-07 WordPress XML-RPC Implementation Arbitrary Post Editing Vulnerability Published

2008-02-05 WordPress MU < 1.3.2 active_plugins option Code Execution Exploit Published

2008-02-03 WordPress Plugin st_newsletter Remote SQL Injection Vulnerability Published

2008-02-02 WordPress Plugin Wordspew Remote SQL Injection Vulnerability Published

2008-02-02 WordPress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities Published

2008-01-31 AdServe Plugin for WordPress “id” Parameter SQL Injection Vulnerability Published

2008-01-31 WassUp Plugin for WordPress “to_date” SQL Injection Vulnerability Published

2008-01-31 WP-Cal Plugin for WordPress “id” SQL Query Injection Vulnerability Published

2008-01-31 FGallery Plugin for WordPress “album” SQL Query Injection Vulnerability Published

2008-01-30 WordPress Plugin Adserve 0.2 adclick.php SQL Injection Exploit Published

2008-01-30 WordPress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit Published

2008-01-27 WordPress Plugin WP-Cal 0.3 editevent.php SQL Injection Vulnerability Published

2008-01-27 WordPress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability Published

2008-01-25 Permalinks Migration Plugin for WordPress Cross Site Request Forgery Published

2008-01-22 WP-Forum Plugin for WordPress “user” SQL Query Injection Vulnerability Published

2008-01-19 WordPress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability Published

2008-01-06 WordPress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability Published

2008-01-03 Fedora Security Update Fixes WordPress Multiple Remote Vulnerabilities Published

2007-12-11 WordPress <= 2.3.1 Charset Remote SQL Injection Vulnerability Published

2007-12-11 WordPress “s” Parameter Handling Remote SQL Injection Vulnerability Published

2007-12-05 WordPress Plugin PictPress <= 0.91 Remote File Disclosure Vulnerability Published

2007-11-21 WordPress Cookies Processing Authentication Bypass Weakness Published

2007-11-06 BackUpWordPress “bkpwp_plugin_path” PHP File Inclusion Vulnerabilities Published

2007-11-01 WordPress Plugin BackUpWordPress <= 0.4.2b RFI Vulnerability Published

2007-10-29 WordPress “posts_columns” Parameter Cross Site Scripting Vulnerability Published

2007-09-14 WordPress Multiple Versions Pwnpress Exploitation Toolkit (0.2pub) Published

2007-09-13 WordPress Multiple Parameter Cross Site Scripting and SQL Injection Issues Published

2007-08-31 Fedora Security Update Fixes WordPress Cross Site Scripting Vulnerability Published

2007-08-01 WordPress “style” Parameter Processing Cross Site Scripting Vulnerability Published

2007-06-26 WordPress Security Update Fixes Code Execution and SQL Injection Vulnerabilities Published

2007-06-26 WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit Published

2007-06-11 OpenPKG Security Update Fixes WordPress XML-RPC SQL Injection Vulnerability Published

2007-06-07 WordPress XML-RPC Interface “wp_suggestCategories()” SQL Injection Vulnerability Published

2007-06-06 WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit Published

2007-05-21 WordPress “cookie” Parameter Handling Remote SQL Query Injection Vulnerability Published

2007-05-21 WordPress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit Published

2007-05-02 Debian Security Update Fixes WordPress Cross Site Scripting and Security Bypass Issues Published

2007-05-02 WP-Table Plugin for WordPress “wppath” Parameter Remote File Inclusion Vulnerability Published

2007-05-02 WordTube Plugin for WordPress “wppath” Parameter Remote File Inclusion Vulnerability Published

2007-05-02 MyFlash Plugin for WordPress “wppath” Parameter Remote File Inclusion Vulnerability Published

2007-05-01 WordPress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability Published

2007-05-01 WordPress plugin myflash <= 1.00 (wppath) RFI Vulnerability Published

2007-05-01 WordPress plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability Published

2007-04-30 MyGallery Plugin for WordPress “myPath” Parameter Remote File Inclusion Vulnerability Published

2007-04-29 WordPress Plugin myGallery <= 1.4b4 Remote File Inclusion Vulnerability Published

2007-04-04 WordPress “XML-RPC” Module Remote SQL Injection and Security Bypass Vulnerabilities Published

2007-04-03 WordPress 2.1.2 (xmlrpc) Remote SQL Injection Exploit Published

2007-03-21 Gentoo Security Update Fixes Multiple WordPress Cross Site Scripting Vulnerabilities Published

2007-03-19 WordPress “PHP_SELF” Variable Handling Client-Side Cross Site Scripting Vulnerability Published

2007-03-13 WordPress “wp_title()” and “single_month_title()” Cross Site Scripting Vulnerability Published

2007-03-05 WordPress “comment_text_phpfilter()” and “get_theme_mcommand()” Vulnerabilities Published

2007-02-27 WordPress “wp-includes/functions.php” Client-Side Cross Site Scripting Vulnerability Published

2007-02-26 NoMoKeTo Module for phpBB “phpbb_root_path” Remote File Inclusion Vulnerability Published

2007-02-26 WordPress “wp_explain_nonce()” Function Client-Side Cross Site Scripting Vulnerability Published

2007-01-17 Gentoo Security Update Fixes WordPress SQL Injection and Cross Site Scripting Issues Published

2007-01-10 WordPress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit Published

2007-01-09 OpenPKG Security Update Fixes WordPress Trackback Charset SQL Injection Issue Published

2007-01-07 WordPress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit Published

2007-01-06 WordPress “wp-login.php” Authentication Process Information Disclosure Vulnerability Published

2007-01-06 WordPress Trackback Charset SQL Injection and Admin Cross Site Scripting Vulnerabilities Published

2006-12-30 Enigma 2 WordPress Bridge (boarddir) Remote File Include Vulnerability Published

2006-12-27 WordPress “get_file_description()” Function Client-Side Cross Site Scripting Vulnerability Published

2006-11-21 Gentoo Security Update Fixes WordPress Directory Traversal and Security Bypass Published

2006-11-03 OpenPKG Security Update Fixes WordPress Multiple Security Bypass Vulnerabilities Published

2006-11-02 WordPress Remote Directory Traversal and Security Bypass Vulnerabilities Published

2006-08-16 WP-DB Backup Plugin for WordPress “backup” Parameter Directory Traversal Vulnerability Published

2006-07-31 WordPress Unspecified Parameter Handling Multiple Vulnerabilities Published

2006-07-17 Rocks “mount-loop” and “umount-loop” Arguments Handling Privilege Escalation Vulnerability Published

2006-07-04 WordPress “paged” Parameter Table Prefix and Full Path Disclosure Vulnerabilities Published

2006-06-12 Gentoo Security Update Fixes WordPress Remote Command Injection Vulnerability Published

2006-05-26 WordPress User Profile Handling Remote PHP Command Injection Vulnerability Published

2006-05-25 WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit Published

2006-03-05 Gentoo Security Update Fixes WordPress SQL Injection Vulnerability Published

2006-03-01 WordPress Cross Site Scripting And Full Path Disclosure Vulnerabilities Published

2006-01-16 WP-Stats WordPress Plug-in “author” Remote SQL Injection Vulnerability Published

2005-11-25 PhpWordPress Multiple Parameters Remote SQL Injection Vulnerability Published

2005-08-10 WordPress “cache_lastpostdate” Remote Code Execution Issue Published

2005-08-10 WordPress <= 1.5.1.3 Remote Code Execution eXploit (metasploit) Published

2005-08-09 WordPress <= 1.5.1.3 Remote Code Execution 0-Day Exploit Published

2005-07-04 Gentoo Security Update Fixes Multiple WordPress Vulnerabilities Published

2005-06-30 WordPress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit Published

2005-06-30 WordPress SQL Injection and Cross Site Scripting Vulnerabilities Published

2005-06-22 WordPress <= 1.5.1.1 SQL Injection Exploit Published

2005-06-21 WordPress <= 1.5.1.1 “add new admin” SQL Injection Exploit Published

2005-05-30 WordPress “cat_ID” Remote SQL Injection Vulnerability Published

2004-10-10 WordPress Blog HTTP Splitting Vulnerability Published