Vulnerabilities > Wordpress > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-26 | CVE-2019-16781 | Cross-site Scripting vulnerability in multiple products In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. | 5.4 |
2019-12-26 | CVE-2019-16780 | Cross-site Scripting vulnerability in multiple products WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. | 5.4 |
2019-10-17 | CVE-2019-17674 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | 5.4 |
2019-10-17 | CVE-2019-17672 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | 6.1 |
2019-10-17 | CVE-2019-17671 | Information Exposure vulnerability in multiple products In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | 5.3 |
2019-09-11 | CVE-2019-16223 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in post previews by authenticated users. | 5.4 |
2019-09-11 | CVE-2019-16222 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | 6.1 |
2019-09-11 | CVE-2019-16221 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows reflected XSS in the dashboard. | 6.1 |
2019-09-11 | CVE-2019-16220 | Open Redirect vulnerability in multiple products In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. | 6.1 |
2019-09-11 | CVE-2019-16219 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in shortcode previews. | 6.1 |