Latest Wordpress Wordpress 4 2 8 Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2019-10-17 CVE-2019-17670 Server-Side Request Forgery (SSRF) vulnerability in Wordpress
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
network
low complexity
wordpress
CWE-918
nessus
7.5
2019-10-17 CVE-2019-17669 Server-Side Request Forgery (SSRF) vulnerability in Wordpress
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
network
low complexity
wordpress
CWE-918
nessus
7.5
2019-09-11 CVE-2019-16223 Cross-Site Scripting vulnerability in Wordpress
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
network
wordpress
CWE-79
nessus
3.5
2019-09-11 CVE-2019-16222 Cross-Site Scripting vulnerability in Wordpress
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
network
wordpress
CWE-79
nessus
4.3
2019-09-11 CVE-2019-16221 Cross-Site Scripting vulnerability in Wordpress
WordPress before 5.2.3 allows reflected XSS in the dashboard.
network
wordpress
CWE-79
nessus
4.3
2019-09-11 CVE-2019-16220 Open Redirect vulnerability in Wordpress
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
network
wordpress
CWE-601
nessus
5.8
2019-09-11 CVE-2019-16219 Cross-Site Scripting vulnerability in Wordpress
WordPress before 5.2.3 allows XSS in shortcode previews.
network
wordpress
CWE-79
nessus
4.3
2019-09-11 CVE-2019-16218 Cross-Site Scripting vulnerability in Wordpress
WordPress before 5.2.3 allows XSS in stored comments.
network
wordpress
CWE-79
nessus
4.3
2019-09-11 CVE-2019-16217 Cross-Site Scripting vulnerability in Wordpress
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
network
wordpress
CWE-79
nessus
4.3
2019-03-14 CVE-2019-9787 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration.
network
wordpress
CWE-352
nessus
6.8