Vulnerabilities > Wordpress > Wordpress > 4.3.8

DATE CVE VULNERABILITY TITLE RISK
2019-10-17 CVE-2019-17673 WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
network
low complexity
wordpress debian
5.0
2019-10-17 CVE-2019-17672 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
network
low complexity
wordpress debian CWE-79
6.1
2019-10-17 CVE-2019-17671 Information Exposure vulnerability in multiple products
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
network
low complexity
wordpress debian CWE-200
5.3
2019-10-17 CVE-2019-17670 Server-Side Request Forgery (SSRF) vulnerability in multiple products
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
network
low complexity
wordpress debian CWE-918
critical
9.8
2019-10-17 CVE-2019-17669 Server-Side Request Forgery (SSRF) vulnerability in multiple products
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
network
low complexity
wordpress debian CWE-918
critical
9.8
2019-09-11 CVE-2019-16223 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
network
low complexity
wordpress debian CWE-79
5.4
2019-09-11 CVE-2019-16222 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
network
low complexity
wordpress debian CWE-79
6.1
2019-09-11 CVE-2019-16221 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 allows reflected XSS in the dashboard.
network
low complexity
wordpress debian CWE-79
6.1
2019-09-11 CVE-2019-16220 Open Redirect vulnerability in multiple products
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
network
low complexity
wordpress debian CWE-601
6.1
2019-09-11 CVE-2019-16219 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 allows XSS in shortcode previews.
network
low complexity
wordpress debian CWE-79
6.1