Latest WordPress 4.6.8 Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-06-12 CVE-2020-4050 Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved.
6.0
2020-06-12 CVE-2020-4049 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WordPress
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page.
3.5
2020-06-12 CVE-2020-4048 Open Redirect vulnerability in WordPress
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked.
4.9
2020-06-12 CVE-2020-4047 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WordPress
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way.
3.5
2020-06-12 CVE-2020-4046 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WordPress
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor.
3.5
2020-04-30 CVE-2020-11030 Cross-Site Scripting vulnerability in WordPress
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor.
network, wordpress, debian, CWE-79, nessus
3.5
2020-04-30 CVE-2020-11029 Cross-Site Scripting vulnerability in WordPress
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks.
network, wordpress, debian, CWE-79, nessus
4.3
2020-04-30 CVE-2020-11028 Information Exposure vulnerability in WordPress
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions.
4.3
2020-04-30 CVE-2020-11027 Weak Password Recovery Mechanism for Forgotten Password vulnerability in WordPress
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password.
network, low complexity, wordpress, debian, CWE-640, nessus
5.5
2020-04-30 CVE-2020-11026 Cross-Site Scripting vulnerability in WordPress
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file.
network, wordpress, debian, CWE-79, nessus
3.5