5.2.12

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-27	CVE-2019-20041	Improper Input Validation vulnerability in multiple products wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript&colon; substring. network low complexity wordpress debian CWE-20 critical	9.8
2019-12-26	CVE-2019-16781	Cross-site Scripting vulnerability in multiple products In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. network low complexity wordpress debian CWE-79	5.4
2019-12-26	CVE-2019-16780	Cross-site Scripting vulnerability in multiple products WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. network low complexity wordpress debian CWE-79	5.4
2018-11-16	CVE-2018-19296	PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. network low complexity phpmailer-project debian fedoraproject wordpress	8.8