Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 355 results


CVE-2024-32111

Medium priority
Needs evaluation

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-31111

Medium priority
Needs evaluation

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-6307

Medium priority
Needs evaluation

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers,...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-4439

Medium priority
Needs evaluation

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-5692

Medium priority
Needs evaluation

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-31211

Medium priority
Needs evaluation

WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-31210

Medium priority
Needs evaluation

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-5561

Medium priority
Needs evaluation

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-39999

Medium priority
Needs evaluation

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-38000

Medium priority
Needs evaluation

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <=...

1 affected packages

wordpress

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages