WordPress is a freely distributed, open-source content management system.
Release cycle, vulnerability information
Release schedule
Count: 1 896
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2022-3590 | WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. | CVSS3: 5.9 | 88% (High) | about 3 years ago |
| GHSA-rvwm-8qg8-4hp8 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. | CVSS3: 6.1 | 1% (Low) | about 3 years ago |
| GHSA-h8vf-v4qw-mvq4 | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. | CVSS3: 5.3 | 6% (Low) | about 3 years ago |
| GHSA-hm6q-fjph-v26v | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. | CVSS3: 6.1 | 1% (Low) | about 3 years ago |
| CVE-2022-43504 | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. | CVSS3: 5.3 | 6% (Low) | about 3 years ago |
| CVE-2022-43504 | Improper authentication vulnerability in WordPress versions prior to 6 ... | CVSS3: 5.3 | 6% (Low) | about 3 years ago |
| CVE-2022-43500 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | CVSS3: 6.1 | 1% (Low) | about 3 years ago |
| CVE-2022-43500 | Cross-site scripting vulnerability in WordPress versions prior to 6.0. ... | CVSS3: 6.1 | 1% (Low) | about 3 years ago |
| CVE-2022-43497 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | CVSS3: 6.1 | 1% (Low) | about 3 years ago |
| CVE-2022-43497 | Cross-site scripting vulnerability in WordPress versions prior to 6.0. ... | CVSS3: 6.1 | 1% (Low) | about 3 years ago |