Vulnerabilities > Wordpress > Wordpress > 5.2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-20041 | Improper Input Validation vulnerability in multiple products wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | 9.8 |
| 2019-12-26 | CVE-2019-16781 | Cross-site Scripting vulnerability in multiple products In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. | 5.4 |
| 2019-12-26 | CVE-2019-16780 | Cross-site Scripting vulnerability in multiple products WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. | 5.4 |
| 2018-11-16 | CVE-2018-19296 | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8 |