Wordpress Wordpress Mu — known CVE vulnerabilities
Every CVE whose affected-product data names Wordpress Wordpress Mu, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2008-5695 — CVSS 8.5 (high): wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an…
CVE-2007-3544 — CVSS 6.5 (medium): Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote…
CVE-2007-3543 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload…
CVE-2009-2432 — CVSS 5.0 (medium): WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php…
CVE-2009-2335 — CVSS 5.0 (medium): WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists…
CVE-2009-2336 — CVSS 5.0 (medium): The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on…
CVE-2009-2334 — CVSS 4.9 (medium): wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of…
CVE-2007-4544 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject…
CVE-2008-4671 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject…
CVE-2009-1030 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU)…