Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wordpress
(Wordpress)| Repositories |
• https://github.com/WordPress/WordPress
• https://github.com/johndyer/mediaelement • https://github.com/moxiecode/moxieplayer • https://github.com/moxiecode/plupload |
| #Vulnerabilities | 351 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-13 | CVE-2020-25286 | In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | Wordpress | 5.3 | ||
| 2020-11-02 | CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | Debian_linux, Fedora, Wordpress | 7.5 | ||
| 2020-11-02 | CVE-2020-28032 | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | Debian_linux, Fedora, Wordpress | 9.8 | ||
| 2020-11-02 | CVE-2020-28034 | WordPress before 5.5.2 allows XSS associated with global variables. | Debian_linux, Fedora, Wordpress | 6.1 | ||
| 2020-11-02 | CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | Debian_linux, Fedora, Wordpress | 9.8 | ||
| 2020-11-02 | CVE-2020-28036 | wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | Debian_linux, Fedora, Wordpress | 9.8 | ||
| 2020-11-02 | CVE-2020-28037 | is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | Debian_linux, Fedora, Wordpress | 9.8 | ||
| 2020-11-02 | CVE-2020-28038 | WordPress before 5.5.2 allows stored XSS via post slugs. | Debian_linux, Fedora, Wordpress | 6.1 | ||
| 2020-11-02 | CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | Ubuntu_linux, Debian_linux, Wordpress | 9.1 | ||
| 2020-11-02 | CVE-2020-28040 | WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | Ubuntu_linux, Debian_linux, Wordpress | 4.3 |