Vulnerabilities > Wordpress > Wordpress > 5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-12 | CVE-2020-4046 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. | 5.4 |
| 2020-04-30 | CVE-2020-11030 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. | 3.5 |
| 2020-04-30 | CVE-2020-11029 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. | 6.1 |
| 2020-04-30 | CVE-2020-11028 | Missing Authentication for Critical Function vulnerability in multiple products In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. | 4.3 |
| 2020-04-30 | CVE-2020-11027 | Operation on a Resource after Expiration or Release vulnerability in multiple products In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. | 8.1 |
| 2020-04-30 | CVE-2020-11026 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. | 5.4 |
| 2020-04-30 | CVE-2020-11025 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. | 3.5 |
| 2018-11-16 | CVE-2018-19296 | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8 |