cpe:2.3:a:wordpress:wordpress:3.3.2:*:*:*:*:*:*:*
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
Max CVSS: 6.1
EPSS Score: 0.38%
Published: 2017-09-23
Updated: 2017-11-10
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Max CVSS: 5.4
EPSS Score: 0.14%
Published: 2017-09-23
Updated: 2017-11-10
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Max CVSS: 6.1
EPSS Score: 0.37%
Published: 2017-09-23
Updated: 2017-11-10
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Max CVSS: 9.8
EPSS Score: 0.38%
Published: 2017-09-23
Updated: 2017-11-10
Before version 4.8.2, WordPress allowed cross-site scripting in the plugin editor via a crafted plugin name.
Max CVSS: 6.1
EPSS Score: 0.25%
Published: 2017-09-23
Updated: 2017-11-10
Before version 4.8.2, WordPress allowed a cross-site scripting attack in the template list view via a crafted template name.
Max CVSS: 6.1
EPSS Score: 0.25%
Published: 2017-09-23
Updated: 2017-11-10
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Max CVSS: 7.5
EPSS Score: 0.47%
Published: 2017-09-23
Updated: 2017-11-10
Before version 4.8.2, WordPress was susceptible to a cross-site scripting attack in the link modal via a javascript: or data: URL.
Max CVSS: 6.1
EPSS Score: 0.25%
Published: 2017-09-23
Updated: 2017-11-10
8 vulnerabilities found