exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 1 906

CVE-2018-10100

почти 8 лет назад

Before WordPress 4.9.5, the redirection URL for the login page was not ...

CVSS3: 6.1

EPSS: Низкий

CVE-2018-1000773

больше 7 лет назад

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.

CVSS3: 8.8

EPSS: Средний

CVE-2018-1000773

больше 7 лет назад

CVSS3: 8.8

EPSS: Средний

CVE-2018-1000773

больше 7 лет назад

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...

CVSS3: 8.8

EPSS: Средний

CVE-2017-9066

больше 8 лет назад

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

CVSS3: 8.6

EPSS: Низкий

CVE-2017-9066

больше 8 лет назад

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

CVSS3: 8.6

EPSS: Низкий

CVE-2017-9066

больше 8 лет назад

In WordPress before 4.7.5, there is insufficient redirect validation i ...

CVSS3: 8.6

EPSS: Низкий

CVE-2017-9065

больше 8 лет назад

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

CVSS3: 7.5

EPSS: Низкий

CVE-2017-9065

больше 8 лет назад

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

CVSS3: 7.5

EPSS: Низкий

CVE-2017-9065

больше 8 лет назад

In WordPress before 4.7.5, there is a lack of capability checks for po ...

CVSS3: 7.5

EPSS: Низкий

CVE-2017-9064

больше 8 лет назад

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

CVSS3: 8.8

EPSS: Низкий

CVE-2017-9064

больше 8 лет назад

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

CVSS3: 8.8

EPSS: Низкий

CVE-2017-9064

больше 8 лет назад

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnera ...

CVSS3: 8.8

EPSS: Низкий

CVE-2017-9063

больше 8 лет назад

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.

CVSS3: 6.1

EPSS: Низкий

CVE-2017-9063

больше 8 лет назад

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.

CVSS3: 6.1

EPSS: Низкий

CVE-2017-9063

больше 8 лет назад

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...

CVSS3: 6.1

EPSS: Низкий

CVE-2017-9062

больше 8 лет назад

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

CVSS3: 8.6

EPSS: Низкий

CVE-2017-9062

больше 8 лет назад

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

CVSS3: 8.6

EPSS: Низкий

CVE-2017-9062

больше 8 лет назад

In WordPress before 4.7.5, there is improper handling of post meta dat ...

CVSS3: 8.6

EPSS: Низкий

CVE-2017-9061

больше 8 лет назад

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

CVSS3: 6.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2018-10100 Before WordPress 4.9.5, the redirection URL for the login page was not ...	CVSS3: 6.1	7% Низкий	почти 8 лет назад
CVE-2018-1000773 WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.	CVSS3: 8.8	24% Средний	больше 7 лет назад
CVE-2018-1000773 WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.	CVSS3: 8.8	24% Средний	больше 7 лет назад
CVE-2018-1000773 WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...	CVSS3: 8.8	24% Средний	больше 7 лет назад
CVE-2017-9066 In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.	CVSS3: 8.6	1% Низкий	больше 8 лет назад
CVE-2017-9066 In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.	CVSS3: 8.6	1% Низкий	больше 8 лет назад
CVE-2017-9066 In WordPress before 4.7.5, there is insufficient redirect validation i ...	CVSS3: 8.6	1% Низкий	больше 8 лет назад
CVE-2017-9065 In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.	CVSS3: 7.5	4% Низкий	больше 8 лет назад
CVE-2017-9065 In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.	CVSS3: 7.5	4% Низкий	больше 8 лет назад
CVE-2017-9065 In WordPress before 4.7.5, there is a lack of capability checks for po ...	CVSS3: 7.5	4% Низкий	больше 8 лет назад
CVE-2017-9064 In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.	CVSS3: 8.8	1% Низкий	больше 8 лет назад
CVE-2017-9064 In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.	CVSS3: 8.8	1% Низкий	больше 8 лет назад
CVE-2017-9064 In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnera ...	CVSS3: 8.8	1% Низкий	больше 8 лет назад
CVE-2017-9063 In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.	CVSS3: 6.1	1% Низкий	больше 8 лет назад
CVE-2017-9063 In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.	CVSS3: 6.1	1% Низкий	больше 8 лет назад
CVE-2017-9063 In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...	CVSS3: 6.1	1% Низкий	больше 8 лет назад
CVE-2017-9062 In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.	CVSS3: 8.6	2% Низкий	больше 8 лет назад
CVE-2017-9062 In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.	CVSS3: 8.6	2% Низкий	больше 8 лет назад
CVE-2017-9062 In WordPress before 4.7.5, there is improper handling of post meta dat ...	CVSS3: 8.6	2% Низкий	больше 8 лет назад
CVE-2017-9061 In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.	CVSS3: 6.1	3% Низкий	больше 8 лет назад

Уязвимостей на страницу