Vulnerabilities > Wordpress > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-43504 Improper Authentication vulnerability in Wordpress
Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.
network
low complexity
wordpress CWE-287
5.3
5.3
2022-04-18 CVE-2011-1762 Incorrect Default Permissions vulnerability in Wordpress
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts.
network
low complexity
wordpress CWE-276
6.5
6.5
2022-01-06 CVE-2022-21662 Cross-site Scripting vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian CWE-79
5.4
5.4
2021-09-09 CVE-2021-39200 Information Exposure vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.
network
high complexity
wordpress debian CWE-200
5.3
5.3
2021-09-09 CVE-2021-39201 Cross-site Scripting vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.
network
low complexity
wordpress debian CWE-79
5.4
5.4
2021-09-09 CVE-2021-39202 Cross-site Scripting vulnerability in Wordpress 5.8
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.
network
low complexity
wordpress CWE-79
5.4
5.4
2021-09-09 CVE-2021-39203 Unspecified vulnerability in Wordpress 5.8
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.
network
low complexity
wordpress
6.5
6.5
2021-04-15 CVE-2021-29450 Information Exposure vulnerability in multiple products
Wordpress is an open source CMS.
network
low complexity
wordpress debian CWE-200
4.3
4.3
2021-04-15 CVE-2021-29447 XXE vulnerability in multiple products
Wordpress is an open source CMS.
network
low complexity
wordpress debian CWE-611
6.5
6.5
2020-11-02 CVE-2020-28040 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
network
low complexity
wordpress debian canonical CWE-352
4.3
4.3