WordPress 4.6.x < 4.6.13 Multiple Vulnerabilities

WordPress 4.6.x < 4.6.13 Multiple Vulnerabilities According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: Authors could alter meta data to delete files that they weren’t authorized to. Authors could create posts of unauthorized types with specially crafted input. Contributors could craft meta data in a way that resulted in PHP object injection. Contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting. User activation screen could be indexed by search engines leading to exposure of sensitive information. Authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting

Reporter	Title	Published	Views	Family All 112
CNVD	WordPress Post Type Restriction Bypass Vulnerability	17 Dec 201800:00	–	cnvd
CNVD	WordPress Cross-Site Scripting Vulnerability (CNVD-2019-05909)	17 Dec 201800:00	–	cnvd
CNVD	WordPress PHP Object Injection Vulnerability	17 Dec 201800:00	–	cnvd
CNVD	WordPress File Deletion Restriction Bypass Vulnerability	17 Dec 201800:00	–	cnvd
CVE	CVE-2018-20147	14 Dec 201820:00	–	cve
CVE	CVE-2018-20148	14 Dec 201820:00	–	cve
CVE	CVE-2018-20149	14 Dec 201820:00	–	cve
CVE	CVE-2018-20150	14 Dec 201820:00	–	cve
CVE	CVE-2018-20151	14 Dec 201820:00	–	cve
CVE	CVE-2018-20152	14 Dec 201820:00	–	cve

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
wordpress	www.wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
wordpress	www.wordpress.org/support/wordpress-version/version-4-6-13/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

14 Mar 2023 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 27.5

CVSS 39.8

EPSS0.54862