Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.5 vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2019-16220
In WordPress prior to 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
383
VMScore
CVE-2019-16221
WordPress prior to 5.2.3 allows reflected XSS in the dashboard.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
606
VMScore
CVE-2019-17675
WordPress prior to 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
505
VMScore
CVE-2019-17671
In WordPress prior to 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
1 Github repository
384
VMScore
CVE-2019-16222
WordPress prior to 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
668
VMScore
CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress prior to 5.3.1 mishandles the HTML5 colon named entity, allowing malicious users to bypass input sanitization, as demonstrated by the javascript: substring.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
668
VMScore
CVE-2019-17669
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
312
VMScore
CVE-2019-16223
WordPress prior to 5.2.3 allows XSS in post previews by authenticated users.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
605
VMScore
CVE-2021-4096
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for malicious users to upload malicious files that could be used to gain webshell access to a server in versions up to, and including,...
Radykal Fancy Product Designer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6