CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wordpress » Wordpress : Security Vulnerabilities Published In 2017 (Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14726 79 XSS 2017-09-23 2017-11-09
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
2 CVE-2017-14724 79 XSS 2017-09-23 2017-11-09
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
3 CVE-2017-14721 79 XSS 2017-09-23 2017-11-09
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
4 CVE-2017-14720 79 XSS 2017-09-23 2017-11-09
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
5 CVE-2017-14718 79 XSS 2017-09-23 2017-11-09
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
6 CVE-2017-9063 79 XSS 2017-05-18 2017-11-03
4.3
None Remote Medium Not required None Partial None
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
7 CVE-2017-9061 79 XSS 2017-05-18 2017-11-03
4.3
None Remote Medium Not required None Partial None
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
8 CVE-2017-6818 79 XSS 2017-03-11 2017-07-17
4.3
None Remote Medium Not required None Partial None
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
9 CVE-2017-6817 79 XSS 2017-03-11 2017-11-03
3.5
None Remote Medium Single system None Partial None
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
10 CVE-2017-6814 79 XSS 2017-03-11 2017-11-03
3.5
None Remote Medium Single system None Partial None
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
11 CVE-2017-5612 79 XSS 2017-01-29 2017-11-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
12 CVE-2017-5490 79 XSS 2017-01-14 2017-11-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
13 CVE-2017-5488 79 XSS 2017-01-14 2017-11-03
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
14 CVE-2016-7168 79 XSS 2017-01-04 2017-11-03
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.