
exploitDog

WordPress

WordPress is a freely distributed, open-source content management system for websites.

Release cycle and vulnerability information

Product: WordPress
Vendor: Wordpress

Release schedule

[Release timeline chart: versions 6.4, 6.5, 6.6, 6.7, 6.8, 6.9; time axis 2023, 2024, 2025, 2026, 2027]

Recent WordPress vulnerabilities

Count: 1,906


| Source | Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|---|
| Debian | CVE-2014-5265 | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... | CVSS2: 5 | 7% (Low) | more than 11 years ago |
| NVD | CVE-2014-5240 | Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. | CVSS2: 2.1 | 1% (Low) | more than 11 years ago |
| Debian | CVE-2014-5240 | Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php ... | CVSS2: 2.1 | 1% (Low) | more than 11 years ago |
| NVD | CVE-2014-5205 | wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | CVSS2: 6.8 | 0% (Low) | more than 11 years ago |
| Debian | CVE-2014-5205 | wp-includes/pluggable.php in WordPress before 3.9.2 does not use delim ... | CVSS2: 6.8 | 0% (Low) | more than 11 years ago |
| NVD | CVE-2014-5204 | wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | CVSS2: 6.8 | 0% (Low) | more than 11 years ago |
| Debian | CVE-2014-5204 | wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CS ... | CVSS2: 6.8 | 0% (Low) | more than 11 years ago |
| NVD | CVE-2014-5203 | wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. | CVSS2: 7.5 | 7% (Low) | more than 11 years ago |
| Debian | CVE-2014-5203 | wp-includes/class-wp-customize-widgets.php in the widget implementatio ... | CVSS2: 7.5 | 7% (Low) | more than 11 years ago |
| Ubuntu | CVE-2014-5203 | wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. | CVSS2: 7.5 | 7% (Low) | more than 11 years ago |
