WordPress

360 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.06%
  • Published 21.07.2025 00:00:00
  • Last modified 22.07.2025 13:06:07

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.

  • EPSS 0.38%
  • Published 17.07.2025 01:44:54
  • Last modified 17.07.2025 21:15:50

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not having a capability check, nor validating user supplied input passed direc...

Exploit
  • EPSS 0.2%
  • Published 15.05.2025 20:15:59
  • Last modified 28.05.2025 15:42:01

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate uploaded files, allowing high-privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in a multisite setup).

  • EPSS 0.12%
  • Published 13.03.2025 02:15:13
  • Last modified 13.03.2025 02:15:13

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and la...

  • EPSS 0.15%
  • Published 24.01.2025 18:15:35
  • Last modified 24.01.2025 18:15:35

Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.

  • EPSS 1.34%
  • Published 23.11.2024 10:15:03
  • Last modified 12.07.2025 00:29:04

The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This m...

  • EPSS 0.38%
  • Published 16.10.2024 07:15:12
  • Last modified 30.10.2024 15:58:30

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it...

  • EPSS 0.87%
  • Published 25.06.2024 11:15:50
  • Last modified 21.11.2024 09:49:24

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-l...

  • EPSS 92.03%
  • Published 03.05.2024 06:15:14
  • Last modified 21.11.2024 09:42:50

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with c...

  • EPSS 0.66%
  • Published 05.04.2024 13:15:07
  • Last modified 21.11.2024 08:42:17

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_querya...