Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.5 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-16221
WordPress prior to 5.2.3 allows reflected XSS in the dashboard.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2019-16218
WordPress prior to 5.2.3 allows XSS in stored comments.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
4.3
CVSSv2
CVE-2019-16217
WordPress prior to 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2019-16219
WordPress prior to 5.2.3 allows XSS in shortcode previews.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2019-17669
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
3.5
CVSSv2
CVE-2019-16223
WordPress prior to 5.2.3 allows XSS in post previews by authenticated users.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv2
CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress prior to 5.3.1 mishandles the HTML5 colon named entity, allowing malicious users to bypass input sanitization, as demonstrated by the javascript: substring.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2019-16222
WordPress prior to 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2021-4096
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for malicious users to upload malicious files that could be used to gain webshell access to a server in versions up to, and including,...
Radykal Fancy Product Designer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6