Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-27	CVE-2019-20043	Improper Privilege Management vulnerability in multiple products In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. network low complexity wordpress debian CWE-269	4.3
2019-12-27	CVE-2019-20042	Cross-site Scripting vulnerability in multiple products In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. network low complexity wordpress debian CWE-79	6.1
2019-12-26	CVE-2019-16781	Cross-site Scripting vulnerability in multiple products In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. network low complexity wordpress debian CWE-79	5.4
2019-12-26	CVE-2019-16780	Cross-site Scripting vulnerability in multiple products WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. network low complexity wordpress debian CWE-79	5.4
2019-10-17	CVE-2019-17674	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. network low complexity wordpress debian CWE-79	5.4
2019-10-17	CVE-2019-17672	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. network low complexity wordpress debian CWE-79	6.1
2019-10-17	CVE-2019-17671	Information Exposure vulnerability in multiple products In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. network low complexity wordpress debian CWE-200	5.3
2019-09-11	CVE-2019-16223	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in post previews by authenticated users. network low complexity wordpress debian CWE-79	5.4
2019-09-11	CVE-2019-16222	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16221	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows reflected XSS in the dashboard. network low complexity wordpress debian CWE-79	6.1