| CVE-2019-8943 |
AVG-909 |
High |
Yes |
Directory traversal |
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an... |
| CVE-2019-8942 |
AVG-910 |
Critical |
Yes |
Arbitrary code execution |
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string,... |
| CVE-2017-6819 |
AVG-202 |
Medium |
Yes |
Cross-site request forgery |
A cross-site request forgery (CSRF) vulnerability exists on the Press This page of WordPress. This issue can be used to create a Denial of Service (DoS)... |
| CVE-2017-6818 |
AVG-202 |
Medium |
Yes |
Cross-site scripting |
A cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 (wp-admin/js/tags-box.js) via taxonomy term names. |
| CVE-2017-6817 |
AVG-202 |
Medium |
Yes |
Cross-site scripting |
An authenticated cross-site scripting (XSS) vulnerability has been discovered in in WordPress before 4.7.3 (wp-includes/embed.php) via YouTube URL Embeds. |
| CVE-2017-6816 |
AVG-202 |
Medium |
Yes |
Insufficient validation |
It has been discovered that unintended files can be deleted by administrators in WordPress before 4.7.3 (wp-admin/plugins.php) using the plugin deletion... |
| CVE-2017-6815 |
AVG-202 |
Medium |
Yes |
Insufficient validation |
A vulnerability has been discovered in WordPress before 4.7.3 (wp- includes/pluggable.php) that certain control characters can trick redirect URL validation. |
| CVE-2017-6814 |
AVG-202 |
Medium |
Yes |
Cross-site scripting |
An authenticated cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 via Media File Metadata. This is demonstrated by... |
| CVE-2017-5493 |
AVG-142 |
Low |
Yes |
Insufficient validation |
An insufficient validation vulnerability has been discovered in wordpress leading to weak cryptographic security for multisite activation key. |
| CVE-2017-5492 |
AVG-142 |
Medium |
Yes |
Cross-site request forgery |
A cross-site request forgery (CSRF) vulnerability has been discovered in wordpress in the accessibility mode of widget editing. |
| CVE-2017-5491 |
AVG-142 |
Low |
Yes |
Access restriction bypass |
A vulnerability has been discovered in wordpress allowing to post via email as it checks for mail.example.com if default settings aren't changed. |
| CVE-2017-5490 |
AVG-142 |
High |
Yes |
Cross-site scripting |
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via theme name fallback. |
| CVE-2017-5489 |
AVG-142 |
Medium |
Yes |
Cross-site request forgery |
A cross-site request forgery (CSRF) bypass has been discovered in wordpress via uploading a Flash file. |
| CVE-2017-5488 |
AVG-142 |
High |
Yes |
Cross-site scripting |
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via the plugin name or version header on update-core.php. |
| CVE-2017-5487 |
AVG-142 |
Medium |
Yes |
Access restriction bypass |
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress... |
| CVE-2016-10045 |
AVG-142 |
High |
Yes |
Arbitrary code execution |
It has been discovered that the first patch of the vulnerability CVE-2016-10033 in PHPMailer was incomplete and could potentially still be used by... |
| CVE-2016-10033 |
AVG-142 |
High |
Yes |
Arbitrary code execution |
A vulnerability has been discovered in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code... |
| CVE-2016-7169 |
AVG-39 |
High |
Yes |
Directory traversal |
A path traversal vulnerability has been discovered in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team. |
| CVE-2016-7168 |
AVG-39 |
Medium |
Yes |
Cross-site scripting |
A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin... |