Vulmon
wordpress wordpress 4.7.5 vulnerabilities and exploits
5.8
CVSSv2
CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2018-10102
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.8
CVSSv2
CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2018-20151
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
3.5
CVSSv2
CVE-2020-11025
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
3.5
CVSSv2
CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all t...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
4.3
CVSSv2
CVE-2019-17672
WordPress prior to 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-17673
WordPress prior to 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
3.5
CVSSv2
CVE-2019-17674
WordPress prior to 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4
CVSSv2
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote malicious users to hijack unactivated user accounts by leveraging database read access (such as access...
Wordpress Wordpress 4.8.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0