VYPR

WordPress Core

by WordPress

Source repositories

CVEs (6)

  • CVE-2022-21661HigJan 6, 2022
    risk 0.56cvss 8.0epss 0.98

    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been…

  • CVE-2024-4439HigMay 3, 2024
    risk 0.45cvss 7.2epss 0.71

    WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and…

  • CVE-2024-6307MedJun 25, 2024
    risk 0.42cvss 6.4epss 0.00

    WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to…

  • CVE-2023-2745MedMay 17, 2023
    risk 0.37cvss 5.4epss 0.80

    WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation…

  • CVE-2023-5692MedApr 5, 2024
    risk 0.35cvss 5.3epss 0.01

    WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set…

  • CVE-2022-4973MedOct 16, 2024
    risk 0.32cvss 4.9epss 0.00

    WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary…