Vulnerabilities > Wordpress > Wordpress > 5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-11 | CVE-2019-16222 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | 6.1 |
2019-09-11 | CVE-2019-16221 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows reflected XSS in the dashboard. | 6.1 |
2019-09-11 | CVE-2019-16220 | Open Redirect vulnerability in multiple products In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. | 6.1 |
2019-09-11 | CVE-2019-16219 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in shortcode previews. | 6.1 |
2019-09-11 | CVE-2019-16218 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in stored comments. | 6.1 |
2019-09-11 | CVE-2019-16217 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | 6.1 |
2019-03-14 | CVE-2019-9787 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. | 6.8 |
2019-02-20 | CVE-2019-8943 | Path Traversal vulnerability in Wordpress WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). | 4.0 |
2019-02-20 | CVE-2019-8942 | Code Injection vulnerability in multiple products WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. | 6.5 |
2018-12-14 | CVE-2018-20153 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | 3.5 |