CVEs

From the WordPress Chinese documentation
Revision as of 09:23, 14 March 2009 (Saturday) by Zhuozuran (talk | contribs) (1 revision)

CVE stands for Common Vulnerabilities and Exposures, an industry-standard way to track security issues in software applications. CVEs are tracked centrally in the National Vulnerability Database run by the Department of Homeland Security.

Although many CVEs mention WordPress, only a few are applicable. Here is a list of CVEs that mention WordPress, organized by year, and whether the CVE impacts WordPress Plugins, the core programming, WordPress.com, or another aspect of WordPress, as well as which version of WordPress was impacted.

In terms of security of your WordPress blog, being on the latest version of WordPress is all you need. WordPress generally fixes vulnerabilities and releases an upgrade or security update version before they become public and are issued a CVE.

2008

42 total CVEs, 33 apply to plugins, 3 apply to core, 2 to legacy, and 4 are invalid.

| CVE ID | Date | Impact | Notes |
|---|---|---|---|
| CVE-2008-2510 | 2008-05-29 | Plugin | |
| CVE-2008-2392 | 2008-05-21 | Invalid | "Admin" user has ability to edit plugins and upload files if file permissions allow - this is intentional. |
| CVE-2008-2146 | 2008-05-12 | Invalid | Describes a known issue in WordPress 2.2, which was released more than a year before. (Covered by previous CVE.) The problem described was fixed 9 months before this report. |
| CVE-2008-2068 | 2008-05-02 | Core | "Unspecified vectors" were never publicly reported, but fixed in 2.5.1. |
| CVE-2008-2034 | 2008-04-30 | Plugin | |
| CVE-2008-1930 | 2008-04-28 | Core | Cookie-based cryptographic splicing attack. Fixed in 2.5.1 prior to disclosure. |
| CVE-2008-2146 | 2008-04-27 | Plugin | |
| CVE-2008-1982 | 2008-04-02 | Plugin | |
| CVE-2008-1304 | 2008-03-12 | WordPress.com | XSS in invite system on WordPress.com, did not apply to WordPress.org blogs at all. |
| CVE-2008-1060 | 2008-02-28 | Plugin | |
| CVE-2008-1059 | 2008-02-28 | Plugin | |
| CVE-2008-0939 | 2008-02-25 | Plugin | |
| CVE-2008-0845 | 2008-02-20 | Plugin | |
| CVE-2008-0837 | 2008-02-20 | Plugin | |
| CVE-2008-0691 | 2008-02-11 | Plugin | |
| CVE-2008-0683 | 2008-02-11 | Plugin | |
| CVE-2008-0682 | 2008-02-11 | Plugin | |
| CVE-2008-0664 | 2008-02-07 | Core | If registration was enabled, an undisclosed vulnerability in XML-RPC. Fixed by 2.5 prior to disclosure. |
| CVE-2008-0618 | 2008-02-06 | Plugin | |
| CVE-2008-0617 | 2008-02-06 | Plugin | |
| CVE-2008-0616 | 2008-02-06 | Plugin | |
| CVE-2008-0615 | 2008-02-06 | Plugin | |
| CVE-2008-0560 | 2008-02-04 | Plugin | |
| CVE-2008-0520 | 2008-01-31 | Plugin | |
| CVE-2008-0508 | 2008-01-31 | Plugin | |
| CVE-2008-0507 | 2008-01-31 | Plugin | |
| CVE-2008-0491 | 2008-01-30 | Plugin | |
| CVE-2008-0490 | 2008-01-30 | Plugin | |
| CVE-2008-0388 | 2008-01-22 | Plugin | |
| CVE-2008-0222 | 2008-01-10 | Plugin | |
| CVE-2008-0206 | 2008-01-09 | Plugin | |
| CVE-2008-0205 | 2008-01-09 | Plugin | |
| CVE-2008-0204 | 2008-01-09 | Plugin | |
| CVE-2008-0198 | 2008-01-09 | Plugin | |
| CVE-2008-0197 | 2008-01-09 | Plugin | |
| CVE-2008-0196 | 2008-01-09 | Legacy Core | Problem in legacy 2.0 branch of WordPress, not applicable to current versions. |
| CVE-2008-0195 | 2008-01-09 | Legacy Core | Disclosure in legacy 2.0 branch of WordPress, not applicable to current versions. |
| CVE-2008-0194 | 2008-01-09 | Plugin | Fixed in version 2.1.0 of this plugin, released 7 months prior to this CVE |
| CVE-2008-0193 | 2008-01-09 | Plugin | Fixed in version 2.1.0 of this plugin, released 7 months prior to this CVE |
| CVE-2008-0192 | 2008-01-09 | Invalid | Problem already fixed by 2.0.10 release 9 months before this CVE. |
| CVE-2008-0191 | 2008-01-09 | Invalid | Could not recreate in current release (2.3.2) at that time |