WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 906
CVE-2018-20150
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an objec ...
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVE-2018-1000773
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.
CVE-2018-1000773
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...
CVE-2018-1000773
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.
CVE-2017-1000600
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9
CVE-2017-1000600
WordPress version <4.9 contains a CWE-20 Input Validation vulnerabilit ...
CVE-2017-1000600
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2018-20150 In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. | CVSS3: 6.1 | 7% Низкий | около 7 лет назад |
 | CVE-2018-19296 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
| CVE-2018-19296 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an objec ... | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
| CVE-2018-19296 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
| CVE-2018-1000773 WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. | CVSS3: 8.8 | 24% Средний | больше 7 лет назад |
| CVE-2018-1000773 WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ... | CVSS3: 8.8 | 24% Средний | больше 7 лет назад |
| CVE-2018-1000773 WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. | CVSS3: 8.8 | 24% Средний | больше 7 лет назад |
| CVE-2017-1000600 WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9 | CVSS3: 8.8 | 21% Средний | больше 7 лет назад |
| CVE-2017-1000600 WordPress version <4.9 contains a CWE-20 Input Validation vulnerabilit ... | CVSS3: 8.8 | 21% Средний | больше 7 лет назад |
| CVE-2017-1000600 WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9 | CVSS3: 8.8 | 21% Средний | больше 7 лет назад |
Уязвимостей на страницу