Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wordpress
(Wordpress)Repositories |
• https://github.com/WordPress/WordPress
• https://github.com/johndyer/mediaelement • https://github.com/moxiecode/moxieplayer • https://github.com/moxiecode/plupload |
#Vulnerabilities | 349 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-10-17 | CVE-2019-17674 | WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | Debian_linux, Wordpress | 5.4 | ||
2019-10-17 | CVE-2019-17675 | WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | Debian_linux, Wordpress | 8.8 | ||
2022-12-05 | CVE-2022-43497 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | Wordpress | 6.1 | ||
2022-12-05 | CVE-2022-43500 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | Wordpress | 6.1 | ||
2022-12-05 | CVE-2022-43504 | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. | Wordpress | 5.3 | ||
2019-09-11 | CVE-2019-16217 | WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16218 | WordPress before 5.2.3 allows XSS in stored comments. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16219 | WordPress before 5.2.3 allows XSS in shortcode previews. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16220 | In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16221 | WordPress before 5.2.3 allows reflected XSS in the dashboard. | Debian_linux, Wordpress | 6.1 |