Vulnerabilities > Wordpress > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2016-06-29 | CVE-2016-5835 | Information Exposure vulnerability in Wordpress | WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. | network, low complexity, wordpress, CWE-200 | 7.5 |
| 2016-06-29 | CVE-2016-5832 | Unspecified vulnerability in Wordpress | The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | network, low complexity, wordpress | 7.5 |
| 2016-05-22 | CVE-2016-2222 | Unspecified vulnerability in Wordpress 4.4.1 | The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php. | network, low complexity, wordpress | 8.6 |
| 2016-05-22 | CVE-2016-2221 | Unspecified vulnerability in Wordpress | Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL. | network, low complexity, wordpress | 7.4 |