Search
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1688 | 1 Wordpress | 1 Wordpress | 2023-12-28 | 5.0 MEDIUM | N/A |
| Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. | |||||
| CVE-2012-6527 | 2 Joedolson, Wordpress | 2 My Calendar, Wordpress | 2023-12-26 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2023-39999 | 1 Wordpress | 1 Wordpress | 2023-11-20 | N/A | 4.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | |||||
| CVE-2023-5561 | 1 Wordpress | 1 Wordpress | 2023-11-20 | N/A | 5.3 MEDIUM |
| WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack | |||||
| CVE-2012-4242 | 2 Mf Gig Calendar Project, Wordpress | 2 Mf Gig Calendar, Wordpress | 2023-08-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | |||||
| CVE-2022-21663 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-07-28 | 6.5 MEDIUM | 7.2 HIGH |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
| CVE-2020-28040 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2022-06-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | |||||
| CVE-2020-28039 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2022-06-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | |||||
| CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows XSS associated with global variables. | |||||
| CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows stored XSS via post slugs. | |||||
| CVE-2020-28033 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | |||||
| CVE-2020-28032 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | |||||
| CVE-2020-28036 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | |||||
| CVE-2020-28035 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | |||||
| CVE-2020-28037 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | |||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. | |||||
| CVE-2022-21662 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2022-02-10 | 3.5 LOW | 5.4 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
| CVE-2022-21661 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-21664 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
| CVE-2021-29447 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-12-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. | |||||
| CVE-2021-39200 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-12-14 | 4.3 MEDIUM | 5.3 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix. | |||||
| CVE-2021-39201 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-12-14 | 3.5 LOW | 5.4 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. ### Patches This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. ### References https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 ### For more information If you have any questions or comments about this advisory: * Open an issue in [HackerOne](https://hackerone.com/wordpress) | |||||
| CVE-2021-44223 | 1 Wordpress | 1 Wordpress | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. | |||||
| CVE-2018-12895 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. | |||||
| CVE-2016-10033 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2021-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | |||||
| CVE-2016-10045 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2021-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. | |||||
| CVE-2008-4796 | 4 Debian, Nagios, Snoopy Project and 1 more | 4 Debian Linux, Nagios, Snoopy and 1 more | 2021-09-30 | 10.0 HIGH | N/A |
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | |||||
| CVE-2021-39203 | 1 Wordpress | 1 Wordpress | 2021-09-24 | 6.0 MEDIUM | 6.5 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release. | |||||
| CVE-2021-39202 | 1 Wordpress | 1 Wordpress | 2021-09-24 | 3.5 LOW | 5.4 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8. | |||||
| CVE-2020-11028 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-09-14 | 4.3 MEDIUM | 7.5 HIGH |
| In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2012-0287 | 2 Microsoft, Wordpress | 2 Internet Explorer, Wordpress | 2021-07-23 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. | |||||
| CVE-2019-17673 | 1 Wordpress | 1 Wordpress | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | |||||
| CVE-2020-26596 | 2 Elementor, Wordpress | 2 Elementor Pro, Wordpress | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role. | |||||
| CVE-2019-8942 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. | |||||
| CVE-2020-36326 | 2 Phpmailer Project, Wordpress | 2 Phpmailer, Wordpress | 2021-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. | |||||
| CVE-2018-19296 | 4 Debian, Fedoraproject, Phpmailer Project and 1 more | 4 Debian Linux, Fedora, Phpmailer and 1 more | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | |||||
| CVE-2021-29450 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-04-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix. | |||||
| CVE-2008-5695 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2021-04-21 | 8.5 HIGH | N/A |
| wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins. | |||||
| CVE-2019-8943 | 1 Wordpress | 1 Wordpress | 2021-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. | |||||
| CVE-2017-5611 | 3 Debian, Oracle, Wordpress | 3 Debian Linux, Data Integrator, Wordpress | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | |||||
| CVE-2019-16223 | 1 Wordpress | 1 Wordpress | 2021-01-04 | 3.5 LOW | 5.4 MEDIUM |
| WordPress before 5.2.3 allows XSS in post previews by authenticated users. | |||||
| CVE-2020-4049 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2020-12-23 | 3.5 LOW | 2.4 LOW |
| In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2020-25286 | 1 Wordpress | 1 Wordpress | 2020-09-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | |||||
| CVE-2019-17670 | 1 Wordpress | 1 Wordpress | 2020-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | |||||
| CVE-2020-4047 | 1 Wordpress | 1 Wordpress | 2020-09-11 | 3.5 LOW | 6.8 MEDIUM |
| In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2020-4048 | 1 Wordpress | 1 Wordpress | 2020-09-11 | 4.9 MEDIUM | 5.7 MEDIUM |
| In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2020-4050 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2020-09-11 | 6.0 MEDIUM | 3.1 LOW |
| In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2018-20147 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. | |||||
| CVE-2012-3434 | 2 Tom Braider, Wordpress | 2 Count Per Day, Wordpress | 2020-07-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter. | |||||
| CVE-2012-0896 | 3 Count Per Day Project, Tom Braider, Wordpress | 3 Count Per Day, Count Per Day, Wordpress | 2020-07-13 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | |||||