Latest Wordpress Security Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-12 | CVE-2020-4050 | Authentication Bypass Using AN Alternate Path OR Channel vulnerability in multiple products In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. | |
| 2020-06-12 | CVE-2020-4049 | Improper Neutralization of Script-Related Html Tags in A web Page (Basic XSS) vulnerability in Wordpress In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. | |
| 2020-06-12 | CVE-2020-4048 | Open Redirect vulnerability in Wordpress In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. | |
| 2020-06-12 | CVE-2020-4047 | Improper Neutralization of Script-Related Html Tags in A web Page (Basic XSS) vulnerability in Wordpress In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. | |
| 2020-06-12 | CVE-2020-4046 | Improper Neutralization of Script-Related Html Tags in A web Page (Basic XSS) vulnerability in Wordpress In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. | |
| 2020-04-30 | CVE-2020-11030 | Cross-Site Scripting vulnerability in Wordpress In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. | |
| 2020-04-30 | CVE-2020-11029 | Cross-Site Scripting vulnerability in Wordpress In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. | |
| 2020-04-30 | CVE-2020-11028 | Information Exposure vulnerability in Wordpress In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. | |
| 2020-04-30 | CVE-2020-11027 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. | |
| 2020-04-30 | CVE-2020-11026 | Cross-Site Scripting vulnerability in Wordpress In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. |