Vulnerabilities > Wordpress > Wordpress > 5.1.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-28036 | Missing Authorization vulnerability in multiple products wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | 9.8 |
| 2020-11-02 | CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | 9.8 |
| 2020-11-02 | CVE-2020-28034 | Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows XSS associated with global variables. | 6.1 |
| 2020-11-02 | CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | 7.5 |
| 2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 9.8 |
| 2020-09-13 | CVE-2020-25286 | Unspecified vulnerability in Wordpress In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 5.0 |
| 2020-04-30 | CVE-2020-11030 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. | 3.5 |
| 2020-04-30 | CVE-2020-11028 | Missing Authentication for Critical Function vulnerability in multiple products In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. | 4.3 |
| 2020-04-30 | CVE-2020-11025 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. | 3.5 |
| 2019-12-27 | CVE-2019-20043 | Improper Privilege Management vulnerability in multiple products In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. | 4.3 |