WordPress: Security Vulnerabilities, CVEs, Published in September 2019, CVSS score >= 3
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
Max CVSS: 6.1 | EPSS Score: 1.06% | Published: 2019-09-11 | Updated: 2023-01-31
WordPress before 5.2.3 allows XSS in stored comments.
Max CVSS: 6.1 | EPSS Score: 1.02% | Published: 2019-09-11 | Updated: 2023-01-31
WordPress before 5.2.3 allows XSS in shortcode previews.
Max CVSS: 6.1 | EPSS Score: 5.96% | Published: 2019-09-11 | Updated: 2023-01-31
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
Max CVSS: 6.1 | EPSS Score: 0.18% | Published: 2019-09-11 | Updated: 2023-01-31
WordPress before 5.2.3 allows reflected XSS in the dashboard.
Max CVSS: 6.1 | EPSS Score: 1.02% | Published: 2019-09-11 | Updated: 2023-01-31
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
Max CVSS: 6.1 | EPSS Score: 0.60% | Published: 2019-09-11 | Updated: 2023-01-31
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
Max CVSS: 5.4 | EPSS Score: 0.62% | Published: 2019-09-11 | Updated: 2022-10-07
7 vulnerabilities found