CVE-2021-39202
- EPSS 0.82%
- Veröffentlicht 09.09.2021 22:15:09
- Zuletzt bearbeitet 21.11.2024 06:18:53
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTM...
CVE-2021-39203
- EPSS 0.94%
- Veröffentlicht 09.09.2021 22:15:09
- Zuletzt bearbeitet 21.11.2024 06:18:53
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in th...
CVE-2020-36326
- EPSS 3.1%
- Veröffentlicht 28.04.2021 03:15:07
- Zuletzt bearbeitet 21.11.2024 05:29:17
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were alway...
CVE-2021-29476
- EPSS 2.14%
- Veröffentlicht 27.04.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:01:13
Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.
CVE-2021-20083
- EPSS 4.19%
- Veröffentlicht 23.04.2021 19:15:09
- Zuletzt bearbeitet 21.11.2024 05:45:53
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
CVE-2021-29450
- EPSS 2.33%
- Veröffentlicht 15.04.2021 22:15:12
- Zuletzt bearbeitet 21.11.2024 06:01:07
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with ...
CVE-2021-29447
- EPSS 85.72%
- Veröffentlicht 15.04.2021 21:15:17
- Zuletzt bearbeitet 21.11.2024 06:01:07
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files i...
CVE-2020-28038
- EPSS 2.61%
- Veröffentlicht 02.11.2020 21:15:31
- Zuletzt bearbeitet 21.11.2024 05:22:15
WordPress before 5.5.2 allows stored XSS via post slugs.
CVE-2020-28039
- EPSS 4.06%
- Veröffentlicht 02.11.2020 21:15:31
- Zuletzt bearbeitet 21.11.2024 05:22:15
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
CVE-2020-28040
- EPSS 1.07%
- Veröffentlicht 02.11.2020 21:15:31
- Zuletzt bearbeitet 21.11.2024 05:22:15
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.