Wordpress

Wordpress

377 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-39999

Exploit
  • EPSS 0.9%
  • Veröffentlicht 13.10.2023 12:15:09
  • Zuletzt bearbeitet 21.11.2024 08:16:12

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 th...

5.4

CVE-2023-38000

Exploit
  • EPSS 0.35%
  • Veröffentlicht 13.10.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 08:12:40

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.

6.1

CVE-2023-2745

  • EPSS 77.18%
  • Veröffentlicht 17.05.2023 09:15:10
  • Zuletzt bearbeitet 08.04.2026 19:18:19

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload...

5.3

CVE-2023-22622

  • EPSS 8.42%
  • Veröffentlicht 05.01.2023 02:15:07
  • Zuletzt bearbeitet 07.04.2025 19:15:49

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a t...

5.9

CVE-2022-3590

Exploit
  • EPSS 90.31%
  • Veröffentlicht 14.12.2022 09:15:09
  • Zuletzt bearbeitet 21.04.2025 15:15:51

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.

6.1

CVE-2022-43497

  • EPSS 1.72%
  • Veröffentlicht 05.12.2022 04:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:37

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

6.1

CVE-2022-43500

  • EPSS 1.04%
  • Veröffentlicht 05.12.2022 04:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:37

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

5.3

CVE-2022-43504

  • EPSS 2.86%
  • Veröffentlicht 05.12.2022 04:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:37

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new p...

6.5

CVE-2011-1762

  • EPSS 0.42%
  • Veröffentlicht 18.04.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 01:26:59

A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.

5.4

CVE-2022-21662

  • EPSS 14.24%
  • Veröffentlicht 06.01.2022 23:15:08
  • Zuletzt bearbeitet 21.11.2024 06:45:10

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can af...