VYPR

WordPress

by WordPress

Source repositories

CVEs (377)

  • CVE-2023-5561Oct 16, 2023
    risk 0.00cvss epss 0.04

    WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

  • CVE-2023-39999Oct 13, 2023
    risk 0.00cvss epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5…

  • CVE-2022-43504Dec 5, 2022
    risk 0.00cvss epss 0.01

    Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all…

  • CVE-2022-43497Dec 5, 2022
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

  • CVE-2022-43500Dec 5, 2022
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

  • CVE-2011-1762Apr 18, 2022
    risk 0.00cvss epss 0.01

    A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.

  • CVE-2022-0220Feb 1, 2022
    risk 0.00cvss epss 0.02

    The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be…

  • CVE-2022-21662Jan 6, 2022
    risk 0.00cvss epss 0.63

    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users.…

  • CVE-2022-21663Jan 6, 2022
    risk 0.00cvss epss 0.04

    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in…

  • CVE-2022-21664Jan 6, 2022
    risk 0.00cvss epss 0.04

    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version…

  • CVE-2021-39203Sep 9, 2021
    risk 0.00cvss epss 0.01

    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain…

  • CVE-2021-39202Sep 9, 2021
    risk 0.00cvss epss 0.01

    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to…

  • CVE-2021-39201Sep 9, 2021
    risk 0.00cvss epss 0.01

    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions…

  • CVE-2021-39200Sep 9, 2021
    risk 0.00cvss epss 0.02

    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to…

  • CVE-2021-29450Apr 15, 2021
    risk 0.00cvss epss 0.02

    Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions…

  • CVE-2020-28033Oct 31, 2020
    risk 0.00cvss epss 0.03

    WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.

  • CVE-2020-28034Oct 31, 2020
    risk 0.00cvss epss 0.02

    WordPress before 5.5.2 allows XSS associated with global variables.

  • CVE-2020-28036Oct 31, 2020
    risk 0.00cvss epss 0.05

    wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

  • CVE-2020-28040Oct 31, 2020
    risk 0.00cvss epss 0.01

    WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.

  • CVE-2020-28039Oct 31, 2020
    risk 0.00cvss epss 0.04

    is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.

Page 8 of 19