CVE-2006-0733

LOW

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability

Score CVSS v2.0

2.6

/ 10.0

LOW

AV:N/AC:H/Au:N/C:N/I:P/A:N

Informations

Publié: 16 févr. 2006
Mis à jour: 16 avr. 2026
Statut: Modified
Source: cve@mitre.org

Produits affectés

wordpress wordpressToutes les CVE WordPress →

Versions : 2.0

Faiblesses (CWE)

NVD-CWE-Other

Références (8)

http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html
ExploitVendor Advisory
http://www.securityfocus.com/archive/1/425043/100/0/threaded
http://www.securityfocus.com/bid/16656
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/24736
http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html
ExploitVendor Advisory
http://www.securityfocus.com/archive/1/425043/100/0/threaded
http://www.securityfocus.com/bid/16656
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/24736

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance