Wordpress » Wordpress : Security Vulnerabilities Published In 2018 (Cross Site Scripting (XSS))
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2018-20153 | 79 | | XSS | 2018-12-14 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
| 2 | CVE-2018-20150 | 79 | | XSS | 2018-12-14 | 2019-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| 3 | CVE-2018-20149 | 79 | | XSS Bypass | 2018-12-14 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
| 4 | CVE-2018-10102 | 79 | | XSS | 2018-04-16 | 2018-05-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| 5 | CVE-2018-5776 | 79 | | XSS | 2018-01-18 | 2018-02-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |

CVE-2018-20153: In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

CVE-2018-20150: In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

CVE-2018-20149: In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

CVE-2018-10102: Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

CVE-2018-5776: WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).

Total number of vulnerabilities: 5