Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wordpress
(Wordpress)| Repositories |
• https://github.com/WordPress/WordPress
• https://github.com/johndyer/mediaelement • https://github.com/moxiecode/moxieplayer • https://github.com/moxiecode/plupload |
| #Vulnerabilities | 351 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-23 | CVE-2017-14726 | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | Wordpress | 6.1 | ||
| 2017-09-23 | CVE-2017-14725 | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | Wordpress | 5.4 | ||
| 2017-09-23 | CVE-2017-14724 | Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | Wordpress | 6.1 | ||
| 2017-09-23 | CVE-2017-14723 | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | Wordpress | 9.8 | ||
| 2017-09-23 | CVE-2017-14722 | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | Wordpress | 7.5 | ||
| 2017-09-23 | CVE-2017-14721 | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | Wordpress | 6.1 | ||
| 2017-09-23 | CVE-2017-14720 | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | Wordpress | 6.1 | ||
| 2017-09-23 | CVE-2017-14719 | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | Wordpress | 7.5 | ||
| 2017-09-23 | CVE-2017-14718 | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | Wordpress | 6.1 | ||
| 2018-09-06 | CVE-2017-1000600 | WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9 | Wordpress | 8.8 |