CVE-2018-20157 CVSS:0.0
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20156 CVSS:0.0
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20155 CVSS:0.0
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20154 CVSS:0.0
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20153 CVSS:0.0
In WordPress versions before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20152 CVSS:0.0
In WordPress versions before 5.0.1, authors could bypass intended restrictions on post types via crafted input. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20151 CVSS:0.0
In WordPress versions before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20150 CVSS:0.0
In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20149 CVSS:0.0
In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS. (Last Update:2018-12-14) (Publish Update:2018-12-14)
CVE-2018-20148 CVSS:0.0
In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata. (Last Update:2018-12-14) (Publish Update:2018-12-14)
This vulnerability list widget is provided by www.cvedetails.com