Published: 14/12/2018 Updated: 24/08/2020

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #916403 wordpress: Several security issues versions 38-50 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Thu, 13 Dec 2018 23:51:02 UTC Severity: normal Tags: security, upstream Found in version wor ...

Several vulnerabilities were discovered in Wordpress, a web blogging tool They allowed remote attackers to perform various Cross-Side Scripting (XSS) and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash For the stable distribution (stretch), ...

CWE-863 https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/https://wordpress.org/support/wordpress-version/version-5-0-1/https://codex.wordpress.org/Version_4.9.9 https://wpvulndb.com/vulnerabilities/9169 http://www.securityfocus.com/bid/106220 https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html https://www.debian.org/security/2019/dsa-4401 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 https://nvd.nist.gov https://www.debian.org/security/2019/dsa-4401

CVE-2018-20147

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect