Vulnerabilities > Wordpress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-07 | CVE-2016-4029 | Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. | 8.6 |
| 2016-06-29 | CVE-2016-5839 | Unspecified vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. | 7.5 |
| 2016-06-29 | CVE-2016-5838 | Credentials Management vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | 7.5 |
| 2016-06-29 | CVE-2016-5837 | Unspecified vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. | 7.5 |
| 2016-06-29 | CVE-2016-5836 | Unspecified vulnerability in Wordpress The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
| 2016-06-29 | CVE-2016-5835 | Information Exposure vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. | 7.5 |
| 2016-06-29 | CVE-2016-5834 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. | 6.1 |
| 2016-06-29 | CVE-2016-5833 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. | 6.1 |
| 2016-06-29 | CVE-2016-5832 | Unspecified vulnerability in Wordpress The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | 7.5 |
| 2016-05-22 | CVE-2016-4567 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." | 6.1 |