Wordpress » Wordpress : Security Vulnerabilities Published In 2019 (Cross Site Scripting (XSS))
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-16223 |
79 |
|
XSS |
2019-09-11 |
2019-09-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
WordPress before 5.2.3 allows XSS in post previews by authenticated users. |
2 |
CVE-2019-16222 |
79 |
|
XSS |
2019-09-11 |
2019-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. |
3 |
CVE-2019-16221 |
79 |
|
XSS |
2019-09-11 |
2019-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WordPress before 5.2.3 allows reflected XSS in the dashboard. |
4 |
CVE-2019-16219 |
79 |
|
XSS |
2019-09-11 |
2019-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WordPress before 5.2.3 allows XSS in shortcode previews. |
5 |
CVE-2019-16218 |
79 |
|
XSS |
2019-09-11 |
2019-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WordPress before 5.2.3 allows XSS in stored comments. |
6 |
CVE-2019-16217 |
79 |
|
XSS |
2019-09-11 |
2019-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. |
7 |
CVE-2019-9787 |
352 |
|
Exec Code XSS CSRF |
2019-03-14 |
2019-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php. |
Total number of vulnerabilities :
7
Page :
1
(This Page)