Product:

Wordpress

(Wordpress)
Repositories https://github.com/WordPress/WordPress
https://github.com/johndyer/mediaelement
https://github.com/moxiecode/moxieplayer
https://github.com/moxiecode/plupload
#Vulnerabilities 351
Date Id Summary Products Score Patch Annotated
2019-10-17 CVE-2019-17669 WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. Debian_linux, Wordpress 9.8
2019-10-17 CVE-2019-17671 In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. Debian_linux, Wordpress 5.3
2019-10-17 CVE-2019-17672 WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. Debian_linux, Wordpress 6.1
2019-10-17 CVE-2019-17674 WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. Debian_linux, Wordpress 5.4
2019-10-17 CVE-2019-17675 WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. Debian_linux, Wordpress 8.8
2019-09-11 CVE-2019-16217 WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. Debian_linux, Wordpress 6.1
2019-09-11 CVE-2019-16218 WordPress before 5.2.3 allows XSS in stored comments. Debian_linux, Wordpress 6.1
2019-09-11 CVE-2019-16219 WordPress before 5.2.3 allows XSS in shortcode previews. Debian_linux, Wordpress 6.1
2019-09-11 CVE-2019-16221 WordPress before 5.2.3 allows reflected XSS in the dashboard. Debian_linux, Wordpress 6.1
2019-09-11 CVE-2019-16222 WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. Debian_linux, Wordpress 6.1