WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 894
GHSA-r95h-g3m2-8rgx
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
GHSA-pv54-xqw9-86jh
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
GHSA-ch98-pvvc-v52h
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
GHSA-279h-9ccj-88q7
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
GHSA-p8q3-wf3c-v265
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
GHSA-c5xx-92gp-xmp6
Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
GHSA-w5j7-j9wm-9x8q
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
GHSA-mmvc-933r-7cp3
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
GHSA-x63c-rx8f-jqj7
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information.
GHSA-h3cp-cm99-c88r
Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-r95h-g3m2-8rgx WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | CVSS3: 8.1 | 2% Низкий | больше 3 лет назад |
| GHSA-pv54-xqw9-86jh Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | CVSS3: 6.1 | 3% Низкий | больше 3 лет назад |
| GHSA-ch98-pvvc-v52h Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | CVSS3: 6.1 | 5% Низкий | больше 3 лет назад |
| GHSA-279h-9ccj-88q7 The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. | CVSS3: 7.5 | 5% Низкий | больше 3 лет назад |
| GHSA-p8q3-wf3c-v265 Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | 2% Низкий | больше 3 лет назад | |
| GHSA-c5xx-92gp-xmp6 Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 2% Низкий | больше 3 лет назад | |
| GHSA-w5j7-j9wm-9x8q Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 3% Низкий | больше 3 лет назад | |
| GHSA-mmvc-933r-7cp3 Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 3% Низкий | больше 3 лет назад | |
| GHSA-x63c-rx8f-jqj7 Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information. | 1% Низкий | больше 3 лет назад | |
| GHSA-h3cp-cm99-c88r Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party. | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу