WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 894
CVE-2017-6818
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ...
CVE-2017-6817
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
CVE-2017-6817
In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ...
CVE-2017-6816
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
CVE-2017-6816
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...
CVE-2017-6815
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
CVE-2017-6815
In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...
CVE-2017-6816
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2017-6818 In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ... | CVSS3: 6.1 | 5% Низкий | больше 8 лет назад |
 | CVE-2017-6817 In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | CVSS3: 5.4 | 3% Низкий | больше 8 лет назад |
| CVE-2017-6817 In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ... | CVSS3: 5.4 | 3% Низкий | больше 8 лет назад |
| CVE-2017-6816 In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | CVSS3: 4.9 | 2% Низкий | больше 8 лет назад |
| CVE-2017-6816 In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ... | CVSS3: 4.9 | 2% Низкий | больше 8 лет назад |
| CVE-2017-6815 In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | CVSS3: 6.1 | 5% Низкий | больше 8 лет назад |
| CVE-2017-6815 In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ... | CVSS3: 6.1 | 5% Низкий | больше 8 лет назад |
| CVE-2017-6814 In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | CVSS3: 5.4 | 1% Низкий | больше 8 лет назад |
| CVE-2017-6814 In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ... | CVSS3: 5.4 | 1% Низкий | больше 8 лет назад |
 | CVE-2017-6816 In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | CVSS3: 4.9 | 2% Низкий | больше 8 лет назад |
Уязвимостей на страницу