exploitDog

product: "wordpress"
WordPress

WordPress is a freely distributed, open-source content management system for websites.

Release cycle, vulnerability information

Product: WordPress
Vendor: Wordpress

Release schedule

[Chart: releases 6.3, 6.4, 6.5, 6.6, 6.7 and 6.8 on a timeline from 2023 to 2026]

Recent WordPress vulnerabilities

Count: 1,896

| Vulnerability | Source | Description | CVSS3 | EPSS | Published |
|---|---|---|---|---|---|
| CVE-2022-43500 | Ubuntu | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | 6.1 | 1% (Low) | almost 3 years ago |
| CVE-2022-43497 | Ubuntu | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | 6.1 | 1% (Low) | almost 3 years ago |
| CVE-2022-43504 | Ubuntu | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. | 5.3 | 1% (Low) | almost 3 years ago |
| GHSA-8fxj-85rv-jj93 | GitHub | WordPress before 5.2.3 allows reflected XSS in the dashboard. | 6.1 | 4% (Low) | more than 3 years ago |
| GHSA-3mv4-59rc-qvqm | GitHub | WordPress before 5.2.3 allows XSS in post previews by authenticated users. | 5.4 | 3% (Low) | more than 3 years ago |
| GHSA-j28g-8c73-vhw9 | GitHub | WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | 6.1 | 4% (Low) | more than 3 years ago |
| GHSA-f824-fhqw-5fwj | GitHub | In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. | 6.1 | 2% (Low) | more than 3 years ago |
| GHSA-hqq8-34fg-q5jj | GitHub | WordPress before 5.2.3 allows XSS in shortcode previews. | 6.1 | 4% (Low) | more than 3 years ago |
| GHSA-3rc6-mcgh-8jqq | GitHub | WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | 6.1 | 3% (Low) | more than 3 years ago |
| GHSA-v5hr-6h2c-gx45 | GitHub | WordPress before 5.2.3 allows XSS in stored comments. | 6.1 | 4% (Low) | more than 3 years ago |