Wordpress : Security Vulnerabilities, CVEs, Published In October 2019 CVSS score >= 2
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Max CVSS
8.8
EPSS Score
0.20%
Published
2019-10-17
Updated
2023-02-03
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
Max CVSS
5.4
EPSS Score
0.22%
Published
2019-10-17
Updated
2023-02-03
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Max CVSS
7.5
EPSS Score
0.42%
Published
2019-10-17
Updated
2022-03-31
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
Max CVSS
6.1
EPSS Score
1.69%
Published
2019-10-17
Updated
2023-02-03
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
Max CVSS
5.3
EPSS Score
1.56%
Published
2019-10-17
Updated
2023-02-03
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
Max CVSS
9.8
EPSS Score
0.71%
Published
2019-10-17
Updated
2022-11-07
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Max CVSS
9.8
EPSS Score
1.53%
Published
2019-10-17
Updated
2023-02-03
7 vulnerabilities found