Search CVE reports
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2,...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | — | Not affected | Not affected | Not affected |
WordPress before 5.5.2 allows CSRF attacks that change a theme’s background image.
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
WordPress before 5.5.2 allows stored XSS via post slugs.
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |