Mark Jaquith

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 2.3.3 WordPress version 2.5 **Description** A directory traversal issue exists in the `get category template` function, allowing remote attackers to include and possibly execute arbitrary PHP files. This is achieved by manipulating the `cat` parameter in the "index.php" endpoint. **Recommendations** For WordPress versions prior to 2.3.3, update to a version later than 2.3.3 to resolve the issue. For WordPress version 2.5, consider disabling the `get category template` function or restricting access to the `cat` parameter in the "index.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress (affected versions not specified) **Description** The issue concerns a problem in WordPress. No specific details about the nature of the issue, affected devices, or real-world incidents are provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 2.0.2 **Description** The issue concerns multiple unannounced cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The exact attack vectors are unknown. **Recommendations** For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue.