Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.5 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-20148
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
2 Github repositories
5.8
CVSSv2
CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.8
CVSSv2
CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2018-20151
In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
3.5
CVSSv2
CVE-2020-11025
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
3.5
CVSSv2
CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all t...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
3.5
CVSSv2
CVE-2019-17674
WordPress prior to 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2019-17672
WordPress prior to 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-17673
WordPress prior to 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4
CVSSv2
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote malicious users to hijack unactivated user accounts by leveraging database read access (such as access...
Wordpress Wordpress 4.8.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »