VYPR

Core

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-6307MedJun 25, 2024
    risk 0.42cvss 6.4epss 0.00

    WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to…

  • CVE-2023-2745MedMay 17, 2023
    risk 0.37cvss 5.4epss 0.80

    WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation…

  • CVE-2022-4973Oct 16, 2024
    risk 0.00cvss epss 0.00

    WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary…

  • CVE-2023-38000Oct 13, 2023
    risk 0.00cvss epss 0.01

    Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.