WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
Max CVSS
7.2
EPSS Score
0.33%
Published
2022-01-06
Updated
2023-06-27
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.
Max CVSS
7.6
EPSS Score
0.05%
Published
2021-09-09
Updated
2021-09-24
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. ### Patches This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. ### References https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 ### For more information If you have any questions or comments about this advisory: * Open an issue in [HackerOne](https://hackerone.com/wordpress)
Max CVSS
7.6
EPSS Score
0.11%
Published
2021-09-09
Updated
2021-12-14
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Max CVSS
7.1
EPSS Score
1.06%
Published
2021-04-15
Updated
2022-10-27
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
Max CVSS
7.5
EPSS Score
0.29%
Published
2020-11-02
Updated
2022-06-29
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Max CVSS
7.5
EPSS Score
0.27%
Published
2020-04-30
Updated
2021-09-14
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Max CVSS
7.5
EPSS Score
0.42%
Published
2019-10-17
Updated
2022-03-31
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Max CVSS
7.5
EPSS Score
1.03%
Published
2018-12-14
Updated
2019-03-04
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.
Max CVSS
7.2
EPSS Score
31.60%
Published
2018-08-10
Updated
2018-10-10
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Max CVSS
7.5
EPSS Score
37.06%
Published
2018-02-06
Updated
2019-03-01

CVE-2017-1001000

Public exploit
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.
Max CVSS
7.5
EPSS Score
60.67%
Published
2017-04-03
Updated
2019-10-03
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Max CVSS
7.5
EPSS Score
0.30%
Published
2017-09-23
Updated
2017-11-10
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Max CVSS
7.5
EPSS Score
0.47%
Published
2017-09-23
Updated
2017-11-10
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
Max CVSS
7.5
EPSS Score
0.77%
Published
2017-05-18
Updated
2019-03-15
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Max CVSS
7.5
EPSS Score
0.66%
Published
2017-01-15
Updated
2019-10-03
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
Max CVSS
7.1
EPSS Score
32.65%
Published
2017-01-18
Updated
2017-09-03
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.44%
Published
2016-06-29
Updated
2016-11-28
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-06-29
Updated
2016-11-30
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.54%
Published
2016-06-29
Updated
2016-11-30
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.19%
Published
2016-06-29
Updated
2018-07-31
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
Max CVSS
7.5
EPSS Score
0.57%
Published
2016-06-29
Updated
2016-11-30
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.64%
Published
2016-06-29
Updated
2016-11-30
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
Max CVSS
7.4
EPSS Score
0.65%
Published
2016-05-22
Updated
2017-11-04
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Max CVSS
7.5
EPSS Score
0.42%
Published
2015-11-09
Updated
2017-11-04
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
Max CVSS
7.5
EPSS Score
7.16%
Published
2014-08-18
Updated
2014-08-28
66 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!