WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress

Вендор: Wordpress

График релизов

Недавние уязвимости WordPress

Количество 1 896

CVE-2016-6635

больше 9 лет назад

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_comp ...

CVSS3: 8.8

EPSS: Низкий

CVE-2016-6634

больше 9 лет назад

Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-6634

больше 9 лет назад

Cross-site scripting (XSS) vulnerability in the network settings page ...

CVSS3: 6.1

EPSS: Низкий

CVE-2016-4029

больше 9 лет назад

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

CVSS3: 8.6

EPSS: Низкий

CVE-2016-4029

больше 9 лет назад

WordPress before 4.5 does not consider octal and hexadecimal IP addres ...

CVSS3: 8.6

EPSS: Низкий

CVE-2016-6634

больше 9 лет назад

Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-4029

больше 9 лет назад

CVSS3: 8.6

EPSS: Низкий

CVE-2016-6635

больше 9 лет назад

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.

CVSS3: 8.8

EPSS: Низкий

CVE-2016-5839

больше 9 лет назад

WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-5839

больше 9 лет назад

WordPress before 4.5.3 allows remote attackers to bypass the sanitize_ ...

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-6635 Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_comp ...	CVSS3: 8.8	0% Низкий	больше 9 лет назад
CVE-2016-6634 Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVSS3: 6.1	1% Низкий	больше 9 лет назад
CVE-2016-6634 Cross-site scripting (XSS) vulnerability in the network settings page ...	CVSS3: 6.1	1% Низкий	больше 9 лет назад
CVE-2016-4029 WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.	CVSS3: 8.6	1% Низкий	больше 9 лет назад
CVE-2016-4029 WordPress before 4.5 does not consider octal and hexadecimal IP addres ...	CVSS3: 8.6	1% Низкий	больше 9 лет назад
CVE-2016-6634 Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVSS3: 6.1	1% Низкий	больше 9 лет назад
CVE-2016-4029 WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.	CVSS3: 8.6	1% Низкий	больше 9 лет назад
CVE-2016-6635 Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.	CVSS3: 8.8	0% Низкий	больше 9 лет назад
CVE-2016-5839 WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.	CVSS3: 7.5	1% Низкий	больше 9 лет назад
CVE-2016-5839 WordPress before 4.5.3 allows remote attackers to bypass the sanitize_ ...	CVSS3: 7.5	1% Низкий	больше 9 лет назад

Уязвимостей на страницу