WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress

Вендор: Wordpress

График релизов

Недавние уязвимости WordPress

Количество 1 896

CVE-2017-6819

больше 8 лет назад

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...

CVSS3: 6.5

EPSS: Средний

CVE-2017-6818

больше 8 лет назад

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.

CVSS3: 6.1

EPSS: Низкий

CVE-2017-6818

больше 8 лет назад

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ...

CVSS3: 6.1

EPSS: Низкий

CVE-2017-6817

больше 8 лет назад

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

CVSS3: 5.4

EPSS: Низкий

CVE-2017-6817

больше 8 лет назад

In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ...

CVSS3: 5.4

EPSS: Низкий

CVE-2017-6816

больше 8 лет назад

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

CVSS3: 4.9

EPSS: Низкий

CVE-2017-6816

больше 8 лет назад

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...

CVSS3: 4.9

EPSS: Низкий

CVE-2017-6815

больше 8 лет назад

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.

CVSS3: 6.1

EPSS: Низкий

CVE-2017-6815

больше 8 лет назад

In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ...

CVSS3: 6.1

EPSS: Низкий

CVE-2017-6814

больше 8 лет назад

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.

CVSS3: 5.4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2017-6819 In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...	CVSS3: 6.5	13% Средний	больше 8 лет назад
CVE-2017-6818 In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.	CVSS3: 6.1	9% Низкий	больше 8 лет назад
CVE-2017-6818 In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ...	CVSS3: 6.1	9% Низкий	больше 8 лет назад
CVE-2017-6817 In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.	CVSS3: 5.4	6% Низкий	больше 8 лет назад
CVE-2017-6817 In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ...	CVSS3: 5.4	6% Низкий	больше 8 лет назад
CVE-2017-6816 In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.	CVSS3: 4.9	2% Низкий	больше 8 лет назад
CVE-2017-6816 In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...	CVSS3: 4.9	2% Низкий	больше 8 лет назад
CVE-2017-6815 In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.	CVSS3: 6.1	6% Низкий	больше 8 лет назад
CVE-2017-6815 In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ...	CVSS3: 6.1	6% Низкий	больше 8 лет назад
CVE-2017-6814 In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.	CVSS3: 5.4	2% Низкий	больше 8 лет назад

Уязвимостей на страницу