Published: 14/12/2018 Updated: 04/03/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #916403 wordpress: Several security issues versions 38-50 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Thu, 13 Dec 2018 23:51:02 UTC Severity: normal Tags: security, upstream Found in version wor ...

Several vulnerabilities were discovered in Wordpress, a web blogging tool They allowed remote attackers to perform various Cross-Side Scripting (XSS) and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash For the stable distribution (stretch), ...

CWE-79 https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/https://wordpress.org/support/wordpress-version/version-5-0-1/https://codex.wordpress.org/Version_4.9.9 https://wpvulndb.com/vulnerabilities/9175 http://www.securityfocus.com/bid/106220 https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html https://www.debian.org/security/2019/dsa-4401 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 https://nvd.nist.gov https://www.debian.org/security/2019/dsa-4401

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-20149

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect