Search CVE reports



41 – 50 of 360 results


CVE-2020-4048

Medium priority
Needs evaluation

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2,...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-4047

Medium priority
Needs evaluation

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-4046

Medium priority
Needs evaluation

In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-35539

Medium priority
Not affected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

1 affected package

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wordpress Not affected Not affected Not affected

CVE-2020-28040

Low priority
Needs evaluation

WordPress before 5.5.2 allows CSRF attacks that change a theme’s background image.

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-28039

Medium priority
Needs evaluation

is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-28038

Medium priority
Needs evaluation

WordPress before 5.5.2 allows stored XSS via post slugs.

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-28037

Medium priority
Needs evaluation

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-28036

Low priority
Needs evaluation

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-28035

Medium priority
Needs evaluation

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |