Latest WordPress 4.2.8 Security Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2016-08-07 | CVE-2016-6635 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress | 6.8
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
Tags: network, wordpress, CWE-352, nessus

2016-08-07 | CVE-2016-6634 | Cross-Site Scripting vulnerability in WordPress | 4.3
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Tags: network, wordpress, CWE-79, nessus

2016-08-07 | CVE-2016-4029 | Improper Authorization vulnerability in WordPress | 5.0
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
Tags: network, low complexity, wordpress, CWE-285, nessus

2016-06-29 | CVE-2016-5839 | Security vulnerability in WordPress | 5.0
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Tags: network, low complexity, wordpress, nessus

2016-06-29 | CVE-2016-5838 | Credentials Management vulnerability in WordPress | 5.0
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
Tags: network, low complexity, wordpress, CWE-255, nessus

2016-06-29 | CVE-2016-5837 | Unspecified vulnerability in WordPress | 5.0
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Tags: network, low complexity, wordpress, nessus

2016-06-29 | CVE-2016-5836 | Denial of Service vulnerability in WordPress 'oEmbed' | 5.0
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
Tags: network, low complexity, wordpress, nessus

2016-06-29 | CVE-2016-5835 | Information Exposure vulnerability in WordPress | 5.0
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
Tags: network, low complexity, wordpress, CWE-200, nessus

2016-06-29 | CVE-2016-5834 | Cross-Site Scripting vulnerability in WordPress | 4.3
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
Tags: network, wordpress, CWE-79, nessus

2016-06-29 | CVE-2016-5833 | Cross-Site Scripting vulnerability in WordPress | 4.3
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
Tags: network, wordpress, CWE-79, nessus