Vulnerabilities > Wordpress > Wordpress > 5.4.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-02 | CVE-2020-28036 | Missing Authorization vulnerability in multiple products wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | 9.8 |
2020-11-02 | CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | 9.8 |
2020-11-02 | CVE-2020-28034 | Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows XSS associated with global variables. | 6.1 |
2020-11-02 | CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | 7.5 |
2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 9.8 |
2020-09-13 | CVE-2020-25286 | Unspecified vulnerability in Wordpress In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 5.0 |
2020-06-12 | CVE-2020-4050 | Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. | 3.1 |
2020-06-12 | CVE-2020-4049 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. | 2.4 |
2020-06-12 | CVE-2020-4048 | Open Redirect vulnerability in multiple products In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. | 5.7 |
2020-06-12 | CVE-2020-4047 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. | 6.8 |