WordPress: Security Vulnerabilities, CVEs, Published in 2017 (XSS), CVSS score >= 6
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
Max CVSS: 6.1 | EPSS Score: 0.38% | Published: 2017-09-23 | Updated: 2017-11-10
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Max CVSS: 6.1 | EPSS Score: 0.37% | Published: 2017-09-23 | Updated: 2017-11-10
Before version 4.8.2, WordPress allowed cross-site scripting in the plugin editor via a crafted plugin name.
Max CVSS: 6.1 | EPSS Score: 0.25% | Published: 2017-09-23 | Updated: 2017-11-10
Before version 4.8.2, WordPress allowed a cross-site scripting attack in the template list view via a crafted template name.
Max CVSS: 6.1 | EPSS Score: 0.25% | Published: 2017-09-23 | Updated: 2017-11-10
Before version 4.8.2, WordPress was susceptible to a cross-site scripting attack in the link modal via a javascript: or data: URL.
Max CVSS: 6.1 | EPSS Score: 0.25% | Published: 2017-09-23 | Updated: 2017-11-10
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
Max CVSS: 6.1 | EPSS Score: 0.29% | Published: 2017-05-18 | Updated: 2019-03-15
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Max CVSS: 8.6 | EPSS Score: 0.62% | Published: 2017-05-18 | Updated: 2019-10-03
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
Max CVSS: 6.1 | EPSS Score: 0.29% | Published: 2017-05-18 | Updated: 2019-03-15
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
Max CVSS: 6.1 | EPSS Score: 0.32% | Published: 2017-03-12 | Updated: 2019-03-19
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
Max CVSS: 6.1 | EPSS Score: 0.23% | Published: 2017-01-30 | Updated: 2019-03-19
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
Max CVSS: 6.1 | EPSS Score: 0.47% | Published: 2017-01-15 | Updated: 2017-11-04
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
Max CVSS: 6.1 | EPSS Score: 0.48% | Published: 2017-01-15 | Updated: 2017-11-04
12 vulnerabilities found