Vulnerabilities > Wordpress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-28040 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | 4.3 |
| 2020-11-02 | CVE-2020-28039 | Unspecified vulnerability in Wordpress is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | 6.4 |
| 2020-11-02 | CVE-2020-28038 | Cross-Site Scripting vulnerability in Wordpress WordPress before 5.5.2 allows stored XSS via post slugs. | 4.3 |
| 2020-11-02 | CVE-2020-28037 | Improper Input Validation vulnerability in Wordpress is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | 7.5 |
| 2020-11-02 | CVE-2020-28036 | Improper Privilege Management vulnerability in Wordpress wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | 7.5 |
| 2020-11-02 | CVE-2020-28035 | Improper Privilege Management vulnerability in Wordpress WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | 7.5 |
| 2020-11-02 | CVE-2020-28034 | Cross-Site Scripting vulnerability in Wordpress WordPress before 5.5.2 allows XSS associated with global variables. | 4.3 |
| 2020-11-02 | CVE-2020-28033 | Unspecified vulnerability in Wordpress WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | 5.0 |
| 2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in Wordpress WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 7.5 |
| 2020-09-13 | CVE-2020-25286 | Unspecified vulnerability in Wordpress In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 5.0 |