VUMETRIC
CYBER PORTAL
Vulnerabilities > Wordpress > Wordpress > 5.3.5
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-11-02 | CVE-2020-28036 | Missing Authorization vulnerability in multiple products | wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | network, low complexity, wordpress, fedoraproject, debian, CWE-862 | critical 9.8 |
| 2020-11-02 | CVE-2020-28035 | | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | network, low complexity, wordpress, fedoraproject, debian | critical 9.8 |
| 2020-11-02 | CVE-2020-28034 | Cross-site Scripting vulnerability in multiple products | WordPress before 5.5.2 allows XSS associated with global variables. | network, low complexity, wordpress, fedoraproject, debian, CWE-79 | 6.1 |
| 2020-11-02 | CVE-2020-28033 | | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | network, low complexity, wordpress, fedoraproject, debian | 7.5 |
| 2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | network, low complexity, wordpress, fedoraproject, debian, CWE-502 | critical 9.8 |
| 2020-04-30 | CVE-2020-11028 | Missing Authentication for Critical Function vulnerability in multiple products | In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. | network, wordpress, debian, CWE-306 | 4.3 |
| 2018-11-16 | CVE-2018-19296 | | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | network, low complexity, phpmailer-project, debian, fedoraproject, wordpress | 8.8 |