WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 894
CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
CVE-2018-10102
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
CVE-2014-6412
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
CVE-2014-6412
WordPress before 4.4 makes it easier for remote attackers to predict p ...
CVE-2014-6412
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a deni ...
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
CVE-2018-5776
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2018-10101 Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | CVSS3: 6.1 | 7% Низкий | больше 7 лет назад |
| CVE-2018-10100 Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | CVSS3: 6.1 | 5% Низкий | больше 7 лет назад |
| CVE-2018-10102 Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | CVSS3: 6.1 | 3% Низкий | больше 7 лет назад |
 | CVE-2014-6412 WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | CVSS3: 8.1 | 2% Низкий | больше 7 лет назад |
| CVE-2014-6412 WordPress before 4.4 makes it easier for remote attackers to predict p ... | CVSS3: 8.1 | 2% Низкий | больше 7 лет назад |
| CVE-2014-6412 WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | CVSS3: 8.1 | 2% Низкий | больше 7 лет назад |
| CVE-2018-6389 In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | CVSS3: 7.5 | 88% Высокий | больше 7 лет назад |
| CVE-2018-6389 In WordPress through 4.9.2, unauthenticated attackers can cause a deni ... | CVSS3: 7.5 | 88% Высокий | больше 7 лет назад |
| CVE-2018-6389 In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | CVSS3: 7.5 | 88% Высокий | больше 7 лет назад |
| CVE-2018-5776 WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | CVSS3: 6.1 | 2% Низкий | больше 7 лет назад |
Уязвимостей на страницу