3.8.5

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-17	CVE-2019-17671	Information Exposure vulnerability in multiple products In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. network low complexity wordpress debian CWE-200	5.3
2019-10-17	CVE-2019-17670	Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. network low complexity wordpress debian CWE-918 critical	9.8
2019-10-17	CVE-2019-17669	Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. network low complexity wordpress debian CWE-918 critical	9.8
2019-09-11	CVE-2019-16223	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in post previews by authenticated users. network low complexity wordpress debian CWE-79	5.4
2019-09-11	CVE-2019-16222	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16221	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows reflected XSS in the dashboard. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16220	Open Redirect vulnerability in multiple products In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. network low complexity wordpress debian CWE-601	6.1
2019-09-11	CVE-2019-16219	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in shortcode previews. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16218	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in stored comments. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16217	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. network low complexity wordpress debian CWE-79	6.1