forked from soullivaneuh/vulndb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
wp_vulns.json
1 lines (1 loc) · 313 KB
/
wp_vulns.json
1
[{"3.8.1":{"vulnerabilities":[{"id":5963,"title":"WordPress 1.0 - 3.8.1 administrator exploitable blind SQLi","url":["https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:52:17.000Z"},{"id":5964,"title":"WordPress 3.7.1 \u0026 3.8.1 Potential Authentication Cookie Forgery","url":["https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/","https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be"],"osvdb":["105620"],"cve":["2014-0166"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:53:11.000Z","fixed_in":"3.8.2"},{"id":5965,"title":"WordPress 3.7.1 \u0026 3.8.1 Privilege escalation: contributors publishing posts","url":["https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165"],"osvdb":["105630"],"cve":["2014-0165"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:53:44.000Z","fixed_in":"3.8.2"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.8":{"vulnerabilities":[{"id":5967,"title":"WordPress 3.7.1 \u0026 3.8 - Cleartext Admin Credentials Disclosure","url":["http://seclists.org/fulldisclosure/2013/Dec/135"],"osvdb":["101101"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T15:45:26.000Z"},{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.7.1":{"vulnerabilities":[{"id":5964,"title":"WordPress 3.7.1 \u0026 3.8.1 Potential Authentication Cookie Forgery","url":["https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/","https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be"],"osvdb":["105620"],"cve":["2014-0166"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:53:11.000Z","fixed_in":"3.8.2"},{"id":5965,"title":"WordPress 3.7.1 \u0026 3.8.1 Privilege escalation: contributors publishing posts","url":["https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165"],"osvdb":["105630"],"cve":["2014-0165"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:53:44.000Z","fixed_in":"3.8.2"},{"id":5967,"title":"WordPress 3.7.1 \u0026 3.8 - Cleartext Admin Credentials Disclosure","url":["http://seclists.org/fulldisclosure/2013/Dec/135"],"osvdb":["101101"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T15:45:26.000Z"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.6":{"vulnerabilities":[{"id":5968,"title":"WordPress 3.6 PHP Object Injection","url":["http://vagosec.org/2013/09/wordpress-php-object-injection/","http://www.openwall.com/lists/oss-security/2013/09/12/1","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340","http://core.trac.wordpress.org/changeset/25325"],"osvdb":["97211"],"cve":["2013-4338"],"secunia":["54803"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:59.000Z","fixed_in":"3.6.1"},{"id":5969,"title":"WordPress 3.6 SWF/EXE File Upload XSS Weakness","url":["http://core.trac.wordpress.org/changeset/25322"],"osvdb":["97210"],"cve":["2013-5739"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:55:36.000Z","fixed_in":"3.6.1"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5971,"title":"WordPress 3.6 Post Authorship Spoofing","url":["http://core.trac.wordpress.org/changeset/25321"],"osvdb":["97213"],"cve":["2013-4340"],"secunia":["54803"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:56:36.000Z","fixed_in":"3.6.1"},{"id":5972,"title":"WordPress 3.6 HTML File Upload XSS Weakness","url":["http://core.trac.wordpress.org/changeset/25322"],"osvdb":["97214"],"cve":["2013-5738"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:57:07.000Z","fixed_in":"3.6.1"},{"id":5973,"title":"WordPress 3.6 Multiple Function Path Disclosure","url":["http://seclists.org/fulldisclosure/2013/Nov/220"],"osvdb":["100487"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:59:06.000Z"},{"id":5974,"title":"WordPress 3.6 Multiple Script Arbitrary Site Redirect","url":["http://seclists.org/fulldisclosure/2013/Dec/174"],"osvdb":["101181"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:59:22.000Z","fixed_in":"3.6.1"},{"id":5975,"title":"WordPress 3.6 _wp_http_referer Parameter Reflected XSS","url":["http://seclists.org/fulldisclosure/2013/Dec/174"],"osvdb":["101182"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:00:00.000Z","fixed_in":"3.6.1"},{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.5.2":{"vulnerabilities":[{"id":5976,"title":"WordPress 3.5.2 Media Library Multiple Function Path Disclosure","url":["http://websecurity.com.ua/6795/"],"osvdb":["100484"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:00:36.000Z"},{"id":5977,"title":"WordPress 3.5.2 SWFUpload Content Spoofing","url":["http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html","https://github.com/wpscanteam/wpscan/issues/243"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:00:53.000Z"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.5.1":{"vulnerabilities":[{"id":5978,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":["http://seclists.org/fulldisclosure/2013/Jul/70"],"osvdb":["95060"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5979,"title":"WordPress 3.4-3.5.1 DoS in class-phpass.php","url":["http://seclists.org/fulldisclosure/2013/Jun/65"],"osvdb":["94235"],"cve":["2013-2173"],"secunia":["53676"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5980,"title":"WordPress 3.5.1 Multiple XSS","osvdb":["94791","94785","94786","94790"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:47.000Z","fixed_in":"3.5.2"},{"id":5981,"title":"WordPress 3.5.1 TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness","osvdb":["94787"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:03:34.000Z","fixed_in":"3.5.2"},{"id":5982,"title":"WordPress File Upload Unspecified Path Disclosure","osvdb":["94788"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5983,"title":"WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE)","osvdb":["94789"],"cve":["2013-2202"],"vuln_type":"XXE","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T14:03:49.000Z","fixed_in":"3.5.2"},{"id":5984,"title":"WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation","osvdb":["94783"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5985,"title":"WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)","osvdb":["94784"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.5":{"vulnerabilities":[{"id":5978,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":["http://seclists.org/fulldisclosure/2013/Jul/70"],"osvdb":["95060"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5986,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":["http://seclists.org/fulldisclosure/2013/Jun/65"],"osvdb":["94235"],"cve":["2013-2173"],"secunia":["53676"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5987,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":["https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5990,"title":"WordPress 3.5 Shortcodes / Post Content Multiple Unspecified XSS","url":["http://www.securityfocus.com/bid/57554","http://securitytracker.com/id?1028045"],"osvdb":["89576"],"cve":["2013-0236"],"secunia":["51967"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:07:15.000Z","fixed_in":"3.5.1"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":5983,"title":"WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE)","osvdb":["94789"],"cve":["2013-2202"],"vuln_type":"XXE","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T14:03:49.000Z","fixed_in":"3.5.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.4.2":{"vulnerabilities":[{"id":5978,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":["http://seclists.org/fulldisclosure/2013/Jul/70"],"osvdb":["95060"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5986,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":["http://seclists.org/fulldisclosure/2013/Jun/65"],"osvdb":["94235"],"cve":["2013-2173"],"secunia":["53676"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5987,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":["https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5991,"title":"WordPress 3.4.2 Cross Site Request Forgery","url":["http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.4.1":{"vulnerabilities":[{"id":5978,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":["http://seclists.org/fulldisclosure/2013/Jul/70"],"osvdb":["95060"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5986,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":["http://seclists.org/fulldisclosure/2013/Jun/65"],"osvdb":["94235"],"cve":["2013-2173"],"secunia":["53676"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5987,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":["https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.4":{"vulnerabilities":[{"id":5978,"title":"Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure","url":["http://seclists.org/fulldisclosure/2013/Jul/70"],"osvdb":["95060"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5986,"title":"WordPress 3.4 - 3.5.1 DoS in class-phpass.php","url":["http://seclists.org/fulldisclosure/2013/Jun/65"],"osvdb":["94235"],"cve":["2013-2173"],"secunia":["53676"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z","fixed_in":"3.5.2"},{"id":5987,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":["https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.4-beta4":{"vulnerabilities":[{"id":5987,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":["https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5992,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":["18791"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-08-01T10:58:21.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"}]}},{"3.3.3":{"vulnerabilities":[{"id":5987,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":["https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.3.2":{"vulnerabilities":[{"id":5987,"title":"WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)","url":["https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-08-01T10:58:20.000Z"},{"id":5992,"title":"Wordpress 3.3.1 Multiple CSRF Vulnerabilities","exploitdb":["18791"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-08-01T10:58:21.000Z"},{"id":5993,"title":"WordPress 3.3.2 Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.org/files/113254"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:50:02.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":5966,"title":"WordPress Plupload Unspecified XSS","osvdb":["105622"],"secunia":["57769"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T13:54:40.000Z","fixed_in":"3.8.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.3.1":{"vulnerabilities":[{"id":5997,"title":"WordPress 3.3.1 Multiple vulnerabilities including XSS and Privilege Escalation","url":["http://wordpress.org/news/2012/04/wordpress-3-3-2/"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:11:08.000Z"},{"id":5998,"title":"Wordpress 3.3.1 - Multiple CSRF Vulnerabilities","exploitdb":["18791"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-08-01T10:58:21.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.3":{"vulnerabilities":[{"id":6000,"title":"WordPress 3.3 Reflected Cross-Site Scripting (XSS)","url":["http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:16:34.000Z","fixed_in":"3.3.1"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.2.1":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.2":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.1.4":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.1.3":{"vulnerabilities":[{"id":6001,"title":"WordPress 3.1.3 wp-admin/link-manager.php Multiple Parameter SQL Injection","osvdb":["73723"],"secunia":["45099"],"exploitdb":["17465"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:22.000Z","updated_at":"2014-09-16T14:17:07.000Z","fixed_in":"3.1.4"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.1.2":{"vulnerabilities":[{"id":6002,"title":"Wordpress \u003c= 3.1.2 Clickjacking Vulnerability","url":["http://seclists.org/fulldisclosure/2011/Sep/219","http://www.securityfocus.com/bid/49730"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:22.000Z","updated_at":"2014-08-01T10:58:22.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.1.1":{"vulnerabilities":[{"id":6003,"title":"WordPress 3.1 PCRE Library Remote DoS","osvdb":["72142"],"cve":["2011-4957"],"vuln_type":"DOS","created_at":"2014-08-01T10:58:22.000Z","updated_at":"2014-09-16T14:48:44.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.1":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":6003,"title":"WordPress 3.1 PCRE Library Remote DoS","osvdb":["72142"],"cve":["2011-4957"],"vuln_type":"DOS","created_at":"2014-08-01T10:58:22.000Z","updated_at":"2014-09-16T14:48:44.000Z"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.0.6":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.0.5":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6004,"title":"WordPress \u003c= 3.0.5 wp-admin/press-this.php Privilege Escalation","cve":["2011-5270"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:18:15.000Z","fixed_in":"3.0.6"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.0.4":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6004,"title":"WordPress \u003c= 3.0.5 wp-admin/press-this.php Privilege Escalation","cve":["2011-5270"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:18:15.000Z","fixed_in":"3.0.6"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.0.3":{"vulnerabilities":[{"id":6005,"title":"WordPress 2.0 - 3.0.1 SQL Injection in do_trackbacks()","url":["http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"],"exploitdb":["15684"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:35:02.000Z"},{"id":6006,"title":"Wordpress 3.0.3 stored XSS IE7,6 NS8.1","exploitdb":["15858"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-08-01T10:58:23.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6004,"title":"WordPress \u003c= 3.0.5 wp-admin/press-this.php Privilege Escalation","cve":["2011-5270"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:18:15.000Z","fixed_in":"3.0.6"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.0.2":{"vulnerabilities":[{"id":6007,"title":"WordPress XML-RPC Interface Access Restriction Bypass","osvdb":["69761"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-08-01T10:58:23.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6004,"title":"WordPress \u003c= 3.0.5 wp-admin/press-this.php Privilege Escalation","cve":["2011-5270"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:18:15.000Z","fixed_in":"3.0.6"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.0.1":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6004,"title":"WordPress \u003c= 3.0.5 wp-admin/press-this.php Privilege Escalation","cve":["2011-5270"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:18:15.000Z","fixed_in":"3.0.6"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":6005,"title":"WordPress 2.0 - 3.0.1 SQL Injection in do_trackbacks()","url":["http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"],"exploitdb":["15684"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:35:02.000Z"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.0":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6004,"title":"WordPress \u003c= 3.0.5 wp-admin/press-this.php Privilege Escalation","cve":["2011-5270"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:23.000Z","updated_at":"2014-09-16T14:18:15.000Z","fixed_in":"3.0.6"},{"id":5994,"title":"WordPress \u003c= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php","cve":["2012-6633"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:09.000Z","fixed_in":"3.3.3"},{"id":5995,"title":"WordPress \u003c= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass","cve":["2012-6634"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:09:54.000Z","fixed_in":"3.3.3"},{"id":5996,"title":"WordPress \u003c= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft","cve":["2012-6635"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:10:39.000Z","fixed_in":"3.3.3"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":5970,"title":"WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass","url":["http://packetstormsecurity.com/files/123589/","http://core.trac.wordpress.org/changeset/25323","http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609"],"osvdb":["97212"],"cve":["2013-4339"],"secunia":["54803"],"exploitdb":["28958"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2014-09-16T14:03:14.000Z","fixed_in":"3.6.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.9.2":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.9.1":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.9":{"vulnerabilities":[{"id":6014,"title":"WordPress 2.9 Failure to Restrict URL Access","exploitdb":["11441"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:25.000Z","updated_at":"2014-08-01T10:58:25.000Z"},{"id":6015,"title":"WordPress 2.9 - Failure to Restrict URL Access","url":["http://www.ethicalhack3r.co.uk/wordpress-2-9-failure-to-restrict-url-access/"],"osvdb":["62330"],"cve":["2010-0682"],"exploitdb":["11441"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:25.000Z","updated_at":"2014-09-16T15:15:37.000Z","fixed_in":"2.9.2"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.8.6":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.8.5":{"vulnerabilities":[{"id":6016,"title":"WordPress \u003c= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution","exploitdb":["10089"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:25.000Z","updated_at":"2014-08-01T10:58:25.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.8.4":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.8.3":{"vulnerabilities":[{"id":6017,"title":"Wordpress \u003c= 2.8.3 Remote Admin Reset Password Vulnerability","exploitdb":["9410"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:25.000Z","updated_at":"2014-08-01T10:58:25.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.8.2":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.8.1":{"vulnerabilities":[{"id":6018,"title":"Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit","exploitdb":["9250"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.8":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.7.1":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.7":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.6.5":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.6.3":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.6.2":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.6.1":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6020,"title":"Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit","exploitdb":["6421"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:27.000Z","updated_at":"2014-08-01T10:58:27.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.6":{"vulnerabilities":[{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.5.1":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.5":{"vulnerabilities":[{"id":6021,"title":"Wordpress 2.5 Cookie Integrity Protection Vulnerability","url":["http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded"],"cve":["2008-1930"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:28.000Z","updated_at":"2014-08-01T10:58:28.000Z"},{"id":5999,"title":"WordPress 2.5 - 3.3.1 XSS in swfupload","url":["http://seclists.org/fulldisclosure/2012/Nov/51"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:21.000Z","updated_at":"2014-09-16T14:13:23.000Z","fixed_in":"3.3.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.3.3":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.3.2":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.3.1":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6022,"title":"Wordpress \u003c= 2.3.1 Charset Remote SQL Injection Vulnerability","exploitdb":["4721"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:29.000Z","updated_at":"2014-08-01T10:58:29.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.3":{"vulnerabilities":[{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.2.3":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.2.2":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.2.1":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.2":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6023,"title":"WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit","exploitdb":["4113"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:30.000Z","updated_at":"2014-08-01T10:58:30.000Z"},{"id":6024,"title":"Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit","exploitdb":["4039"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:30.000Z","updated_at":"2014-08-01T10:58:30.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.1.3":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6025,"title":"Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit","exploitdb":["3960"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:30.000Z","updated_at":"2014-08-01T10:58:30.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.1.2":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6026,"title":"WordPress 'year' Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded"],"secunia":["24485"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:30.000Z","updated_at":"2014-09-16T15:19:02.000Z"},{"id":6027,"title":"WordPress 2.1.2 Authenticated XMLRPC SQL Injection","url":["https://www.notsosecure.com/blog/2007/04/03/wordpress-212-xmlrpc-security-issues/","https://wordpress.org/news/2007/04/wordpress-213-and-2010/"],"osvdb":["34351"],"cve":["2007-1897"],"secunia":["25108"],"exploitdb":["3656"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:30.000Z","updated_at":"2014-09-16T15:25:04.000Z","fixed_in":"2.1.3"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.1.1":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6028,"title":"WordPress 2.1.1 - Command Execution Backdoor","url":["http://www.securityfocus.com/bid/22797","http://xforce.iss.net/xforce/xfdb/32807","http://wordpress.org/news/2007/03/upgrade-212/"],"cve":["2007-1277"],"secunia":["24374"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:31.000Z","updated_at":"2014-09-16T15:29:16.000Z","fixed_in":"2.1.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.1":{"vulnerabilities":[{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.11":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.10":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.9":{"vulnerabilities":[{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.8":{"vulnerabilities":[{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.7":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.6":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6029,"title":"Wordpress \u003c= 2.0.6 wp-trackback.php Remote SQL Injection Exploit","exploitdb":["3109"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:32.000Z","updated_at":"2014-08-01T10:58:32.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.5":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6030,"title":"Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit","exploitdb":["3095"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:32.000Z","updated_at":"2014-08-01T10:58:32.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.4":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6031,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":["http://www.securityfocus.com/bid/18779"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-08-01T10:58:33.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.3":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6031,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":["http://www.securityfocus.com/bid/18779"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-08-01T10:58:33.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.2":{"vulnerabilities":[{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":6032,"title":"WordPress \u003c= 2.0.2 (cache) Remote Shell Injection Exploit","exploitdb":["6"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-08-01T10:58:33.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6031,"title":"WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability","url":["http://www.securityfocus.com/bid/18779"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-08-01T10:58:33.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0.1":{"vulnerabilities":[{"id":6033,"title":"Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS","osvdb":["38577"],"cve":["2007-5105","2007-5106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-09-16T15:36:03.000Z","fixed_in":"2.0.2"},{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"2.0":{"vulnerabilities":[{"id":6033,"title":"Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS","osvdb":["38577"],"cve":["2007-5105","2007-5106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-09-16T15:36:03.000Z","fixed_in":"2.0.2"},{"id":6019,"title":"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/35584/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:26.000Z","updated_at":"2014-08-01T10:58:26.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":6009,"title":"WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions","osvdb":["104693"],"cve":["2010-5293"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:41:09.000Z","fixed_in":"3.0.2"},{"id":6010,"title":"WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()","cve":["2010-5294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:43:25.000Z","fixed_in":"3.0.2"},{"id":6011,"title":"WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php","cve":["2010-5295"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:51:20.000Z","fixed_in":"3.0.2"},{"id":6012,"title":"WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass","cve":["2010-5296"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:52:52.000Z","fixed_in":"3.0.2"},{"id":6013,"title":"WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass","osvdb":["104691"],"cve":["2010-5297"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:24.000Z","updated_at":"2014-09-16T14:54:47.000Z","fixed_in":"3.0.1"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"1.5.2":{"vulnerabilities":[{"id":6033,"title":"Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS","osvdb":["38577"],"cve":["2007-5105","2007-5106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-09-16T15:36:03.000Z","fixed_in":"2.0.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"1.5.1.3":{"vulnerabilities":[{"id":6033,"title":"Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS","osvdb":["38577"],"cve":["2007-5105","2007-5106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-09-16T15:36:03.000Z","fixed_in":"2.0.2"},{"id":6034,"title":"Wordpress \u003c= 1.5.1.3 Remote Code Execution eXploit (metasploit)","cve":["2005-2612"],"secunia":["16386"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:34.000Z","updated_at":"2014-10-02T20:55:17.000Z","metasploit":"exploit/unix/webapp/php_wordpress_lastpost"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"1.5.1.2":{"vulnerabilities":[{"id":6033,"title":"Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS","osvdb":["38577"],"cve":["2007-5105","2007-5106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-09-16T15:36:03.000Z","fixed_in":"2.0.2"},{"id":6035,"title":"Wordpress \u003c= 1.5.1.2 xmlrpc Interface SQL Injection Exploit","osvdb":["17636","17637","17638","17639","17640","17641"],"cve":["2005-2108"],"secunia":["15831","15898"],"exploitdb":["1077"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:34.000Z","updated_at":"2014-08-01T10:58:34.000Z","fixed_in":"1.5.1.3"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"1.5.1.1":{"vulnerabilities":[{"id":6033,"title":"Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS","osvdb":["38577"],"cve":["2007-5105","2007-5106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-09-16T15:36:03.000Z","fixed_in":"2.0.2"},{"id":6036,"title":"WordPress \u003c= 1.5.1.1 \"add new admin\" SQL Injection Exploit","exploitdb":["1059"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:34.000Z","updated_at":"2014-08-01T10:58:34.000Z"},{"id":6037,"title":"WordPress \u003c= 1.5.1.1 SQL Injection Exploit","exploitdb":["1033"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:34.000Z","updated_at":"2014-08-01T10:58:34.000Z"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":7615,"title":"WordPress 1.5 \u0026 1.5.1.1 - SQL Injection","url":["http://www.securityfocus.com/bid/13809"],"cve":["2005-1810"],"vuln_type":"SQLI","created_at":"2014-09-27T13:44:45.000Z","updated_at":"2014-09-27T13:45:26.000Z","fixed_in":"1.5.1.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"1.5.1":{"vulnerabilities":[{"id":6033,"title":"Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS","osvdb":["38577"],"cve":["2007-5105","2007-5106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:33.000Z","updated_at":"2014-09-16T15:36:03.000Z","fixed_in":"2.0.2"},{"id":5988,"title":"WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning","url":["https://github.com/FireFart/WordpressPingbackPortScanner"],"cve":["2013-0235"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-27T13:59:47.000Z","fixed_in":"3.5.1"},{"id":5989,"title":"WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues","url":["http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html"],"vuln_type":"SSRF","created_at":"2014-08-01T10:58:20.000Z","updated_at":"2014-09-16T14:02:30.000Z"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"1.5":{"vulnerabilities":[{"id":6038,"title":"WordPress 1.5 wp-trackback.php tb_id Parameter SQL Injection","osvdb":["16701","16702","16703"],"cve":["2005-1687"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:34.000Z","updated_at":"2014-09-16T13:51:40.000Z","fixed_in":"1.5.1"},{"id":6039,"title":"WordPress \u003c= 1.5 Multiple Vulnerabilities (XSS, SQLi)","osvdb":["16702","16701","16703","16478"],"cve":["2005-1687","2005-1688"],"secunia":["15324"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:34.000Z","updated_at":"2014-09-16T15:42:46.000Z","fixed_in":"1.5.1"},{"id":6042,"title":"WordPress 1.5 template-functions-post.php Multiple Field XSS","osvdb":["15643"],"cve":["2005-1102"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-09-16T13:51:15.000Z"},{"id":7615,"title":"WordPress 1.5 \u0026 1.5.1.1 - SQL Injection","url":["http://www.securityfocus.com/bid/13809"],"cve":["2005-1810"],"vuln_type":"SQLI","created_at":"2014-09-27T13:44:45.000Z","updated_at":"2014-09-27T13:45:26.000Z","fixed_in":"1.5.1.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.6.1":{"vulnerabilities":[{"id":7526,"title":"WordPress 3.5 - 3.7.1 XML-RPC DoS","url":["http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/","http://www.breaksec.com/?p=6362"],"vuln_type":"DOS","created_at":"2014-08-27T11:32:03.000Z","updated_at":"2014-09-16T17:00:57.000Z","metasploit":"auxiliary/dos/http/wordpress_xmlrpc_dos","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.9":{"vulnerabilities":[{"id":7527,"title":" WordPress 3.9 \u0026 3.9.1 Unlikely Code Execution","url":["https://core.trac.wordpress.org/changeset/29389"],"cve":["2014-5203"],"vuln_type":"RCE","created_at":"2014-09-16T17:10:42.000Z","updated_at":"2014-09-16T17:10:59.000Z","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"},{"id":7697,"title":"WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists","url":["https://core.trac.wordpress.org/changeset/30422"],"cve":["2014-9032"],"vuln_type":"XSS","created_at":"2014-11-30T19:09:16.000Z","updated_at":"2014-11-30T19:10:16.000Z","fixed_in":"4.0.1"}]}},{"3.9.1":{"vulnerabilities":[{"id":7527,"title":" WordPress 3.9 \u0026 3.9.1 Unlikely Code Execution","url":["https://core.trac.wordpress.org/changeset/29389"],"cve":["2014-5203"],"vuln_type":"RCE","created_at":"2014-09-16T17:10:42.000Z","updated_at":"2014-09-16T17:10:59.000Z","fixed_in":"3.9.2"},{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"},{"id":7697,"title":"WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists","url":["https://core.trac.wordpress.org/changeset/30422"],"cve":["2014-9032"],"vuln_type":"XSS","created_at":"2014-11-30T19:09:16.000Z","updated_at":"2014-11-30T19:10:16.000Z","fixed_in":"4.0.1"}]}},{"3.7":{"vulnerabilities":[{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.8.2":{"vulnerabilities":[{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.8.3":{"vulnerabilities":[{"id":7528,"title":"WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing","url":["https://core.trac.wordpress.org/changeset/29384","https://core.trac.wordpress.org/changeset/29408"],"cve":["2014-5204","2014-5205"],"vuln_type":"CSRF","created_at":"2014-09-16T18:06:10.000Z","updated_at":"2014-09-16T18:07:58.000Z","fixed_in":"3.9.2"},{"id":7529,"title":"WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite","url":["https://core.trac.wordpress.org/changeset/29398"],"cve":["2014-5240"],"vuln_type":"XSS","created_at":"2014-09-16T18:15:20.000Z","updated_at":"2014-09-16T18:15:59.000Z","fixed_in":"3.9.2"},{"id":7530,"title":"WordPress 3.6 - 3.9.1 XXE in GetID3 Library","url":["https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc","http://getid3.sourceforge.net/","http://wordpress.org/news/2014/08/wordpress-3-9-2/","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav"],"cve":["2014-2053"],"vuln_type":"XXE","created_at":"2014-09-16T18:19:44.000Z","updated_at":"2014-09-16T18:28:25.000Z","fixed_in":"3.9.2"},{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"3.9.2":{"vulnerabilities":[{"id":7531,"title":"WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout","url":["http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout","http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html"],"cve":["2012-5868"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T13:32:43.000Z","updated_at":"2014-09-17T13:33:06.000Z","fixed_in":"4.0"},{"id":7680,"title":"WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://klikki.fi/adv/wordpress.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/","http://klikki.fi/adv/wordpress_update.html"],"cve":["2014-9031"],"vuln_type":"XSS","created_at":"2014-11-20T19:52:43.000Z","updated_at":"2014-12-02T11:17:30.000Z","fixed_in":"4.0"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"},{"id":7697,"title":"WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists","url":["https://core.trac.wordpress.org/changeset/30422"],"cve":["2014-9032"],"vuln_type":"XSS","created_at":"2014-11-30T19:09:16.000Z","updated_at":"2014-11-30T19:10:16.000Z","fixed_in":"4.0.1"}]}},{"1.2":{"vulnerabilities":[{"id":7613,"title":"WordPress 1.2-1.2.1 - Multiple Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/11268"],"cve":["2004-1559"],"secunia":["12683"],"vuln_type":"XSS","created_at":"2014-09-27T13:35:32.000Z","updated_at":"2014-09-27T13:46:08.000Z","fixed_in":"1.2.2"},{"id":7614,"title":"WordPress 1.2 - HTTP Response Splitting","url":["http://www.securityfocus.com/bid/11348"],"cve":["2004-1584"],"secunia":["12773"],"vuln_type":"UNKNOWN","created_at":"2014-09-27T13:39:17.000Z","updated_at":"2014-09-27T13:39:33.000Z","fixed_in":"1.2.1"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"1.2.1":{"vulnerabilities":[{"id":7613,"title":"WordPress 1.2-1.2.1 - Multiple Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/11268"],"cve":["2004-1559"],"secunia":["12683"],"vuln_type":"XSS","created_at":"2014-09-27T13:35:32.000Z","updated_at":"2014-09-27T13:46:08.000Z","fixed_in":"1.2.2"},{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"}]}},{"4.0":{"vulnerabilities":[{"id":7681,"title":"WordPress \u003c= 4.0 - Long Password Denial of Service (DoS)","url":["http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","https://wordpress.org/news/2014/11/wordpress-4-0-1/"],"osvdb":["114857"],"cve":["2014-9034"],"exploitdb":["35413","35414"],"vuln_type":"DOS","created_at":"2014-11-20T20:02:12.000Z","updated_at":"2014-12-02T09:18:31.000Z","fixed_in":"4.0.1"},{"id":7691,"title":"WordPress \u003c= 4.0 - CSRF in wp-login.php Password Reset","url":["https://core.trac.wordpress.org/changeset/30418"],"cve":["2014-9033"],"vuln_type":"CSRF","created_at":"2014-11-25T22:57:27.000Z","updated_at":"2014-11-25T22:58:53.000Z","fixed_in":"4.0.1"},{"id":7696,"title":"WordPress \u003c= 4.0 - Server Side Request Forgery (SSRF)","url":["http://www.securityfocus.com/bid/71234","https://core.trac.wordpress.org/changeset/30444"],"cve":["2014-9038"],"vuln_type":"SSRF","created_at":"2014-11-30T19:02:31.000Z","updated_at":"2014-11-30T19:05:52.000Z","fixed_in":"4.0.1"},{"id":7697,"title":"WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists","url":["https://core.trac.wordpress.org/changeset/30422"],"cve":["2014-9032"],"vuln_type":"XSS","created_at":"2014-11-30T19:09:16.000Z","updated_at":"2014-11-30T19:10:16.000Z","fixed_in":"4.0.1"}]}}]