VUMETRIC
CYBER PORTAL
Vulnerabilities > Wordpress
| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2020-11-02 | CVE-2020-28036 | Missing Authorization vulnerability in multiple products. wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. [network, low complexity; wordpress, fedoraproject, debian; CWE-862] | critical 9.8 |
| 2020-11-02 | CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. [network, low complexity; wordpress, fedoraproject, debian] | critical 9.8 |
| 2020-11-02 | CVE-2020-28034 | Cross-site Scripting vulnerability in multiple products. WordPress before 5.5.2 allows XSS associated with global variables. [network, low complexity; wordpress, fedoraproject, debian; CWE-79] | 6.1 |
| 2020-11-02 | CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. [network, low complexity; wordpress, fedoraproject, debian] | 7.5 |
| 2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products. WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. [network, low complexity; wordpress, fedoraproject, debian; CWE-502] | critical 9.8 |
| 2020-09-13 | CVE-2020-25286 | Unspecified vulnerability in Wordpress. In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. [network, low complexity; wordpress] | 5.3 |
| 2020-06-12 | CVE-2020-4050 | In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. [network, high complexity; wordpress, fedoraproject, debian] | 3.1 |
| 2020-06-12 | CVE-2020-4049 | In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. [network, low complexity; wordpress, fedoraproject, debian] | 2.4 |
| 2020-06-12 | CVE-2020-4048 | In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. [network, low complexity; wordpress, fedoraproject, debian] | 5.7 |
| 2020-06-12 | CVE-2020-4047 | In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. [network, low complexity; wordpress, fedoraproject, debian] | 6.8 |