cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*

CVE-2019-8943

Public exploit
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
Max CVSS
6.5
EPSS Score
95.88%
Published
2019-02-20
Updated
2021-02-23

CVE-2019-8942

Public exploit
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
Max CVSS
8.8
EPSS Score
95.71%
Published
2019-02-20
Updated
2021-07-21

CVE-2016-10045

Public exploit
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
Max CVSS
9.8
EPSS Score
96.69%
Published
2016-12-30
Updated
2021-09-30

CVE-2016-10033

Public exploit
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Max CVSS
9.8
EPSS Score
97.13%
Published
2016-12-30
Updated
2021-09-30

CVE-2016-6897

Public exploit
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
Max CVSS
6.5
EPSS Score
0.33%
Published
2017-01-18
Updated
2017-09-03

CVE-2014-5266

Public exploit
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Max CVSS
5.0
EPSS Score
94.49%
Published
2014-08-18
Updated
2015-11-25

CVE-2013-0235

Public exploit
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Max CVSS
6.4
EPSS Score
13.01%
Published
2013-07-08
Updated
2013-07-08

CVE-2009-2335

Public exploit
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Max CVSS
5.0
EPSS Score
96.95%
Published
2009-07-10
Updated
2018-11-08
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!