4.8.1

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-02	CVE-2020-28035	WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. network low complexity wordpress fedoraproject debian critical	9.8
2020-11-02	CVE-2020-28034	Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows XSS associated with global variables. network low complexity wordpress fedoraproject debian CWE-79	6.1
2020-11-02	CVE-2020-28033	WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. network low complexity wordpress fedoraproject debian	7.5
2020-11-02	CVE-2020-28032	Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. network low complexity wordpress fedoraproject debian CWE-502 critical	9.8
2020-09-13	CVE-2020-25286	Unspecified vulnerability in Wordpress In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. network low complexity wordpress	5.3
2020-06-12	CVE-2020-4050	In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. network high complexity wordpress fedoraproject debian	3.1
2020-06-12	CVE-2020-4049	In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. network low complexity wordpress fedoraproject debian	2.4
2020-06-12	CVE-2020-4048	In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. network low complexity wordpress fedoraproject debian	5.7
2020-06-12	CVE-2020-4047	In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. network low complexity wordpress fedoraproject debian	6.8
2020-06-12	CVE-2020-4046	Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. network low complexity wordpress debian fedoraproject CWE-79	5.4