CVE-2020-28032
- EPSS 16.12%
- Veröffentlicht 02.11.2020 21:15:30
- Zuletzt bearbeitet 21.11.2024 05:22:14
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
CVE-2020-28033
- EPSS 2.62%
- Veröffentlicht 02.11.2020 21:15:30
- Zuletzt bearbeitet 21.11.2024 05:22:14
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
CVE-2020-28034
- EPSS 1.7%
- Veröffentlicht 02.11.2020 21:15:30
- Zuletzt bearbeitet 21.11.2024 05:22:14
WordPress before 5.5.2 allows XSS associated with global variables.
CVE-2020-28035
- EPSS 4.2%
- Veröffentlicht 02.11.2020 21:15:30
- Zuletzt bearbeitet 21.11.2024 05:22:14
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
CVE-2020-28036
- EPSS 5.02%
- Veröffentlicht 02.11.2020 21:15:30
- Zuletzt bearbeitet 21.11.2024 05:22:15
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
CVE-2020-28037
- EPSS 7.74%
- Veröffentlicht 02.11.2020 21:15:30
- Zuletzt bearbeitet 21.11.2024 05:22:15
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial ...
CVE-2020-25286
- EPSS 1.93%
- Veröffentlicht 13.09.2020 18:15:10
- Zuletzt bearbeitet 21.11.2024 05:17:52
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.
CVE-2020-8203
- EPSS 5.21%
- Veröffentlicht 15.07.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:38:29
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-4046
- EPSS 2.36%
- Veröffentlicht 12.06.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 05:32:12
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this coul...
CVE-2020-4047
- EPSS 3.63%
- Veröffentlicht 12.06.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 05:32:13
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privilege...