Wordpress : Security Vulnerabilities Published In 2016 (XSS)
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| Max Base Score | 6.1 |
| Published | 2016-08-07 |
| Updated | 2017-11-04 |
| EPSS | 0.16% |
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
| Max Base Score | 6.1 |
| Published | 2016-06-29 |
| Updated | 2016-11-30 |
| EPSS | 0.35% |
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
| Max Base Score | 6.1 |
| Published | 2016-06-29 |
| Updated | 2016-11-30 |
| EPSS | 0.68% |
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
| Max Base Score | 6.1 |
| Published | 2016-05-22 |
| Updated | 2016-12-02 |
| EPSS | 0.51% |
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
| Max Base Score | 6.1 |
| Published | 2016-05-22 |
| Updated | 2016-12-02 |
| EPSS | 1.02% |
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
| Max Base Score | 6.1 |
| Published | 2016-05-22 |
| Updated | 2017-11-04 |
| EPSS | 1.14% |
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440.
| Max Base Score | 6.1 |
| Published | 2016-05-22 |
| Updated | 2016-11-28 |
| EPSS | 0.18% |
Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
| Max Base Score | 5.4 |
| Published | 2016-05-22 |
| Updated | 2017-11-04 |
| EPSS | 0.11% |
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
| Max Base Score | 6.1 |
| Published | 2016-05-22 |
| Updated | 2017-11-04 |
| EPSS | 16.75% |
9 vulnerabilities found