Wordpress : Security Vulnerabilities, CVEs, Published In 2018 (XSS)
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
Max CVSS
6.1
EPSS Score
0.20%
Published
2018-01-18
Updated
2018-02-01
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
Max CVSS
6.1
EPSS Score
0.45%
Published
2018-04-16
Updated
2018-05-18
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Max CVSS
5.4
EPSS Score
0.10%
Published
2018-12-14
Updated
2019-03-04
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
Max CVSS
6.1
EPSS Score
0.76%
Published
2018-12-14
Updated
2019-03-04
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
Max CVSS
5.4
EPSS Score
0.17%
Published
2018-12-14
Updated
2019-03-04
5 vulnerabilities found