Vulnerabilities > Wordpress > Wordpress > 4.5.27
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-17 | CVE-2019-17674 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | 5.4 |
| 2019-10-17 | CVE-2019-17673 | WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | 7.5 |
| 2019-10-17 | CVE-2019-17672 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | 6.1 |
| 2019-10-17 | CVE-2019-17671 | Information Exposure vulnerability in multiple products In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | 5.3 |
| 2019-10-17 | CVE-2019-17670 | Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | 9.8 |
| 2019-10-17 | CVE-2019-17669 | Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | 9.8 |
| 2019-09-11 | CVE-2019-16223 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in post previews by authenticated users. | 5.4 |
| 2019-09-11 | CVE-2019-16222 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | 6.1 |
| 2019-09-11 | CVE-2019-16221 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows reflected XSS in the dashboard. | 6.1 |
| 2019-09-11 | CVE-2019-16220 | Open Redirect vulnerability in multiple products In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. | 6.1 |