is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
Max CVSS
9.8
EPSS Score
2.42%
Published
2020-11-02
Updated
2022-04-28
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Max CVSS
7.5
EPSS Score
37.06%
Published
2018-02-06
Updated
2019-03-01
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
Max CVSS
7.1
EPSS Score
32.65%
Published
2017-01-18
Updated
2017-09-03
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.19%
Published
2016-06-29
Updated
2018-07-31
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
Max CVSS
6.8
EPSS Score
0.87%
Published
2015-11-09
Updated
2017-11-04
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
Max CVSS
10.0
EPSS Score
0.65%
Published
2009-04-28
Updated
2017-08-17
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
Max CVSS
7.5
EPSS Score
1.01%
Published
2008-01-10
Updated
2018-10-15
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.
Max CVSS
7.8
EPSS Score
1.14%
Published
2007-01-29
Updated
2018-10-16
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!