WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 896
CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ...
CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ...
CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2012-6707 WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ... | CVSS3: 7.5 | 0% Низкий | около 8 лет назад |
 | CVE-2012-6707 WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | CVSS3: 7.5 | 0% Низкий | около 8 лет назад |
 | CVE-2016-9263 WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | CVSS3: 4.7 | 1% Низкий | около 8 лет назад |
| CVE-2016-9263 WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ... | CVSS3: 4.7 | 1% Низкий | около 8 лет назад |
| CVE-2016-9263 WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | CVSS3: 4.7 | 1% Низкий | около 8 лет назад |
| CVE-2017-14990 WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | CVSS3: 6.5 | 0% Низкий | около 8 лет назад |
| CVE-2017-14990 WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ... | CVSS3: 6.5 | 0% Низкий | около 8 лет назад |
| CVE-2017-14990 WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | CVSS3: 6.5 | 0% Низкий | около 8 лет назад |
| CVE-2017-14726 Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | CVSS3: 6.1 | 5% Низкий | около 8 лет назад |
| CVE-2017-14726 Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ... | CVSS3: 6.1 | 5% Низкий | около 8 лет назад |
Уязвимостей на страницу