Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.5 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-20042
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions fr...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
3.5
CVSSv2
CVE-2019-16781
In WordPress prior to 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-20043
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such ...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
3.5
CVSSv2
CVE-2017-17094
wp-includes/feed.php in WordPress prior to 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow malicious users to conduct XSS attacks via a crafted URL.
Wordpress Wordpress
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
3.5
CVSSv2
CVE-2017-17092
wp-includes/functions.php in WordPress prior to 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote malicious users to conduct XSS attacks via a crafted file.
Wordpress Wordpress
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
3.5
CVSSv2
CVE-2017-17093
wp-includes/general-template.php in WordPress prior to 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow malicious users to conduct XSS attacks via the language setting of a site.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 7.0
4.3
CVSSv2
CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5....
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2019-16217
WordPress prior to 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-17671
In WordPress prior to 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2019-17675
WordPress prior to 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »