Wordpress : Security Vulnerabilities
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2023-22622 |
|
|
Exec Code |
2023-01-05 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. |
2 |
CVE-2022-43504 |
287 |
|
|
2022-12-05 |
2023-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. |
3 |
CVE-2022-43500 |
79 |
|
XSS |
2022-12-05 |
2023-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. |
4 |
CVE-2022-43497 |
79 |
|
XSS |
2022-12-05 |
2023-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. |
5 |
CVE-2022-3590 |
918 |
|
|
2022-12-14 |
2022-12-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. |
Total number of vulnerabilities :
5
Page :
1
(This Page)