Wordpress

Wordpress

360 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-5835

  • EPSS 1.94%
  • Published 29.06.2016 14:10:06
  • Last modified 12.04.2025 10:46:40

WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.

6.1

CVE-2016-5834

  • EPSS 0.91%
  • Published 29.06.2016 14:10:05
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulne...

6.1

CVE-2016-5833

  • EPSS 0.91%
  • Published 29.06.2016 14:10:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a differe...

7.5

CVE-2016-5832

  • EPSS 1.73%
  • Published 29.06.2016 14:10:03
  • Last modified 12.04.2025 10:46:40

The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.

6.1

CVE-2016-4567

  • EPSS 3.88%
  • Published 22.05.2016 01:59:31
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction pa...

6.1

CVE-2016-4566

  • EPSS 5.99%
  • Published 22.05.2016 01:59:30
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

8.6

CVE-2016-2222

Exploit
  • EPSS 5.17%
  • Published 22.05.2016 01:59:15
  • Last modified 12.04.2025 10:46:40

The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/pr...

7.4

CVE-2016-2221

  • EPSS 3.47%
  • Published 22.05.2016 01:59:14
  • Last modified 12.04.2025 10:46:40

Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers in...

6.1

CVE-2016-1564

Exploit
  • EPSS 0.67%
  • Published 22.05.2016 01:59:13
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.

6.1

CVE-2015-8834

  • EPSS 0.75%
  • Published 22.05.2016 01:59:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...