In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
Source: MITRE
Max CVSS: 5.4
EPSS Score: 0.16%
Published: 2018-12-14
Updated: 2019-03-04
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
Source: MITRE
Max CVSS: 6.1
EPSS Score: 0.62%
Published: 2018-12-14
Updated: 2019-03-04
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Source: MITRE
Max CVSS: 5.4
EPSS Score: 0.10%
Published: 2018-12-14
Updated: 2019-03-04
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
Source: MITRE
Max CVSS: 6.1
EPSS Score: 0.45%
Published: 2018-04-16
Updated: 2018-05-18
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
Source: MITRE
Max CVSS: 6.1
EPSS Score: 0.20%
Published: 2018-01-18
Updated: 2018-02-01
5 vulnerabilities found