WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 906
CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ...
CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ...
CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2012-6707 WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ... | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
 | CVE-2012-6707 WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
 | CVE-2016-9263 WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | CVSS3: 4.7 | 1% Низкий | больше 8 лет назад |
| CVE-2016-9263 WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ... | CVSS3: 4.7 | 1% Низкий | больше 8 лет назад |
| CVE-2016-9263 WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | CVSS3: 4.7 | 1% Низкий | больше 8 лет назад |
| CVE-2017-14990 WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | CVSS3: 6.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-14990 WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ... | CVSS3: 6.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-14990 WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | CVSS3: 6.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-14726 Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | CVSS3: 6.1 | 6% Низкий | больше 8 лет назад |
| CVE-2017-14726 Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ... | CVSS3: 6.1 | 6% Низкий | больше 8 лет назад |
Уязвимостей на страницу