3.9.31

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-11	CVE-2019-16223	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in post previews by authenticated users. network low complexity wordpress debian CWE-79	5.4
2019-09-11	CVE-2019-16222	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16221	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows reflected XSS in the dashboard. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16220	Open Redirect vulnerability in multiple products In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. network low complexity wordpress debian CWE-601	6.1
2019-09-11	CVE-2019-16219	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in shortcode previews. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16218	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in stored comments. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16217	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. network low complexity wordpress debian CWE-79	6.1
2019-02-20	CVE-2019-8943	Path Traversal vulnerability in Wordpress WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). network low complexity wordpress CWE-22	4.0
2019-02-20	CVE-2019-8942	Code Injection vulnerability in multiple products WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. network low complexity wordpress debian CWE-94	6.5
2018-12-14	CVE-2018-20147	Incorrect Authorization vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. network low complexity wordpress debian CWE-863	5.5