Vulnerabilities > Wordpress > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-09 | CVE-2021-39202 | Cross-site Scripting vulnerability in Wordpress 5.8. WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. | 3.5 |
2021-09-09 | CVE-2021-39201 | Cross-site Scripting vulnerability in multiple products. WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. | 3.5 |
2020-06-12 | CVE-2020-4049 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products. In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in `/wp-admin` on the themes page. | 2.4 |
2020-06-12 | CVE-2020-4050 | Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products. In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. | 3.1 |
2020-04-30 | CVE-2020-11030 | Cross-site Scripting vulnerability in multiple products. In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. | 3.5 |
2020-04-30 | CVE-2020-11025 | Cross-site Scripting vulnerability in multiple products. In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. | 3.5 |
2018-12-14 | CVE-2018-20149 | Cross-site Scripting vulnerability in Wordpress. In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a `.jpg` file without JPEG data. | 3.5 |
2018-12-14 | CVE-2018-20153 | Cross-site Scripting vulnerability in Wordpress. In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | 3.5 |
2017-12-02 | CVE-2017-17092 | Cross-site Scripting vulnerability in Wordpress. `wp-includes/functions.php` in WordPress before 4.9.1 does not require the `unfiltered_html` capability for upload of `.js` files, which might allow remote attackers to conduct XSS attacks via a crafted file. | 3.5 |
2017-12-02 | CVE-2017-17093 | Cross-site Scripting vulnerability in Wordpress. `wp-includes/general-template.php` in WordPress before 4.9.1 does not properly restrict the `lang` attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | 3.5 |