WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
Max CVSS
6.1
EPSS Score
0.20%
Published
2018-01-18
Updated
2018-02-01
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
Max CVSS
6.1
EPSS Score
0.45%
Published
2018-04-16
Updated
2018-05-18
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Max CVSS
5.4
EPSS Score
0.10%
Published
2018-12-14
Updated
2019-03-04
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
Max CVSS
6.1
EPSS Score
0.76%
Published
2018-12-14
Updated
2019-03-04
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
Max CVSS
5.4
EPSS Score
0.17%
Published
2018-12-14
Updated
2019-03-04
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!