CVE-2016-4566
- EPSS 5.36%
- Veröffentlicht 22.05.2016 01:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
CVE-2016-2222
- EPSS 9.28%
- Veröffentlicht 22.05.2016 01:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/pr...
CVE-2016-2221
- EPSS 4.7%
- Veröffentlicht 22.05.2016 01:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers in...
CVE-2016-1564
- EPSS 2.69%
- Veröffentlicht 22.05.2016 01:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
CVE-2015-8834
- EPSS 1.78%
- Veröffentlicht 22.05.2016 01:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...
CVE-2015-7989
- EPSS 2.15%
- Veröffentlicht 22.05.2016 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
CVE-2015-5715
- EPSS 6.28%
- Veröffentlicht 22.05.2016 01:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, ...
CVE-2015-5714
- EPSS 6.39%
- Veröffentlicht 22.05.2016 01:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
CVE-2015-5734
- EPSS 7.43%
- Veröffentlicht 09.11.2015 11:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.
CVE-2015-5733
- EPSS 5.64%
- Veröffentlicht 09.11.2015 11:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.