WordPress

WordPress is a freely distributed, open-source website content management system.

Release cycle and vulnerability information

Product: WordPress
Vendor: Wordpress

Release schedule

[Release timeline chart: versions 6.3, 6.4, 6.5, 6.6, 6.7, 6.8; years 2023, 2024, 2025, 2026]

Recent WordPress vulnerabilities

Count: 1,894


| Source | Vulnerability | Description | CVSS | EPSS | Published |
| --- | --- | --- | --- | --- | --- |
| Debian | CVE-2017-5610 | wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ... | CVSS3: 5.3 | 2% (Low) | more than 8 years ago |
| Ubuntu | CVE-2017-5611 | SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | CVSS3: 9.8 | 14% (Medium) | more than 8 years ago |
| Ubuntu | CVE-2017-5612 | Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | CVSS3: 6.1 | 1% (Low) | more than 8 years ago |
| Ubuntu | CVE-2017-5610 | wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. | CVSS3: 5.3 | 2% (Low) | more than 8 years ago |
| FSTEC | BDU:2021-00683 | Vulnerability in the WP_Query function (wp-includes/class-wp-query.php) of the WordPress content management system that allows an attacker to execute arbitrary SQL commands | CVSS3: 9.8 | 14% (Medium) | more than 8 years ago |
| NVD | CVE-2016-6897 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. | CVSS3: 6.5 | 29% (Medium) | more than 8 years ago |
| Debian | CVE-2016-6897 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_ ... | CVSS3: 6.5 | 29% (Medium) | more than 8 years ago |
| NVD | CVE-2016-6896 | Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. | CVSS3: 7.1 | 17% (Medium) | more than 8 years ago |
| Debian | CVE-2016-6896 | Directory traversal vulnerability in the wp_ajax_update_plugin functio ... | CVSS3: 7.1 | 17% (Medium) | more than 8 years ago |
| NVD | CVE-2016-10148 | The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | CVSS3: 4.3 | 0% (Low) | more than 8 years ago |
