WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 894
BDU:2023-07524
Уязвимость функции qsm_remove_file_fd_question плагина The Quiz And Survey Master системы управления содержимым сайта WordPress, позволяющая нарушителю удалять произвольные файлы
GHSA-pmh6-cq54-943m
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.
CVE-2023-22622
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.
CVE-2023-22622
WordPress through 6.1.1 depends on unpredictable client visits to caus ...
CVE-2023-22622
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.
GHSA-mjj5-7gmf-mfjx
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
CVE-2022-3590
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
CVE-2022-3590
WordPress is affected by an unauthenticated blind SSRF in the pingback ...
CVE-2022-3590
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
GHSA-hm6q-fjph-v26v
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2023-07524 Уязвимость функции qsm_remove_file_fd_question плагина The Quiz And Survey Master системы управления содержимым сайта WordPress, позволяющая нарушителю удалять произвольные файлы | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
| GHSA-pmh6-cq54-943m WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. | CVSS3: 7.5 | 1% Низкий | больше 2 лет назад |
 | CVE-2023-22622 WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
| CVE-2023-22622 WordPress through 6.1.1 depends on unpredictable client visits to caus ... | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
 | CVE-2023-22622 WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
| GHSA-mjj5-7gmf-mfjx WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. | CVSS3: 5.9 | 10% Средний | больше 2 лет назад |
| CVE-2022-3590 WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. | CVSS3: 5.9 | 10% Средний | больше 2 лет назад |
| CVE-2022-3590 WordPress is affected by an unauthenticated blind SSRF in the pingback ... | CVSS3: 5.9 | 10% Средний | больше 2 лет назад |
| CVE-2022-3590 WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. | CVSS3: 5.9 | 10% Средний | больше 2 лет назад |
| GHSA-hm6q-fjph-v26v Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script . | CVSS3: 6.1 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу