WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Max CVSS
8.8
EPSS Score
0.20%
Published
2019-10-17
Updated
2023-02-03
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
Max CVSS
5.4
EPSS Score
0.22%
Published
2019-10-17
Updated
2023-02-03
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Max CVSS
7.5
EPSS Score
0.42%
Published
2019-10-17
Updated
2022-03-31
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
Max CVSS
6.1
EPSS Score
1.69%
Published
2019-10-17
Updated
2023-02-03
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
Max CVSS
5.3
EPSS Score
1.12%
Published
2019-10-17
Updated
2023-02-03
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
Max CVSS
9.8
EPSS Score
0.71%
Published
2019-10-17
Updated
2022-11-07
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Max CVSS
9.8
EPSS Score
1.53%
Published
2019-10-17
Updated
2023-02-03
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!