wordpress vulnerabilities and exploits

(subscribe to this query)

NA

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other...

8.6

CVSSv3

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF....

2 Github repositories available

6.1

CVSSv3

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session....

1 Github repository available

8.8

CVSSv3

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials....

2 Github repositories available

6.1

CVSSv3

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename....

9 Github repositories available

8.6

CVSSv3

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API....

2 Github repositories available

7.5

CVSSv3

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API....

1 Github repository available

NA

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames....

NA

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."...

NA

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects....

« PREV 1 2 3 4 5 6 7 8 9 NEXT »