WordPress Security Vulnerabilities

CVE-2019-16221 | CVSS 6.1 | AI Score 6 | EPSS 0.007 | Published 2019-09-11 02:15 PM
WordPress before 5.2.3 allows reflected XSS in the...

CVE-2019-16222 | CVSS 6.1 | AI Score 5.8 | EPSS 0.006 | Published 2019-09-11 02:15 PM
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS)...

CVE-2019-16223 | CVSS 5.4 | AI Score 5.5 | EPSS 0.006 | Published 2019-09-11 02:15 PM
WordPress before 5.2.3 allows XSS in post previews by authenticated...

CVE-2019-16217 | CVSS 6.1 | AI Score 6 | EPSS 0.011 | Published 2019-09-11 02:15 PM
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is...

CVE-2019-16218 | CVSS 6.1 | AI Score 5.9 | EPSS 0.007 | Published 2019-09-11 02:15 PM
WordPress before 5.2.3 allows XSS in stored...

CVE-2019-16219 | CVSS 6.1 | AI Score 6 | EPSS 0.043 | Published 2019-09-11 02:15 PM
WordPress before 5.2.3 allows XSS in shortcode...

CVE-2019-16220 | CVSS 6.1 | AI Score 6.1 | EPSS 0.002 | Published 2019-09-11 02:15 PM
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open...

CVE-2019-15889 | CVSS 6.1 | AI Score 5.9 | EPSS 0.033 | Published 2019-09-03 06:15 PM
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date]...

CVE-2019-15092 | CVSS 7.3 | AI Score 7.3 | EPSS 0.001 | Published 2019-08-23 09:15 PM
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter...

CVE-2015-9338 | CVSS 7.5 | AI Score 7.7 | EPSS 0.001 | Published 2019-08-22 08:15 PM
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php...

CVE-2015-9339 | CVSS 7.5 | AI Score 7.7 | EPSS 0.001 | Published 2019-08-22 08:15 PM
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js...

CVE-2015-9340 | CVSS 7.5 | AI Score 7.7 | EPSS 0.001 | Published 2019-08-22 08:15 PM
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess...

CVE-2015-9341 | CVSS 7.5 | AI Score 7.6 | EPSS 0.001 | Published 2019-08-22 07:15 PM
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js...

CVE-2018-20984 | CVSS 9.8 | AI Score 9.4 | EPSS 0.002 | Published 2019-08-22 02:15 PM
The patreon-connect plugin before 1.2.2 for WordPress has Object...

CVE-2015-9332 | CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | Published 2019-08-20 03:15 PM
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall...

CVE-2019-1010209 | CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | Published 2019-07-23 02:15 PM
GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unauthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is:...

CVE-2019-1010104 | CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | Published 2019-07-18 04:15 PM
TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax...

CVE-2017-6514 | CVSS 5.3 | AI Score 4.9 | EPSS 0.002 | Published 2019-05-22 06:29 PM
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":"...

CVE-2019-1010257 | CVSS 9.1 | AI Score 8.8 | EPSS 0.005 | Published 2019-03-27 07:30 PM
An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can...

CVE-2019-1000031 | CVSS 7.5 | AI Score 7.4 | EPSS 0.003 | Published 2019-03-27 06:29 PM
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the...

CVE-2019-9787 | CVSS 8.8 | AI Score 8.5 | EPSS 0.755 | Published 2019-03-14 04:29 PM
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...

CVE-2019-8942 | CVSS 8.8 | AI Score 7.8 | EPSS 0.956 | Published 2019-02-20 03:29 AM
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

CVE-2019-8943 | CVSS 6.5 | AI Score 6.4 | EPSS 0.949 | Published 2019-02-20 03:29 AM
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg...

CVE-2015-4615 | CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | Published 2019-02-15 09:29 PM
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID...

CVE-2015-4617 | CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | Published 2019-02-15 09:29 PM
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload...

CVE-2018-20147 | CVSS 6.5 | AI Score 7.6 | EPSS 0.002 | Published 2018-12-14 08:29 PM
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting...

CVE-2018-20150 | CVSS 6.1 | AI Score 7.2 | EPSS 0.006 | Published 2018-12-14 08:29 PM
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving...

CVE-2018-20151 | CVSS 7.5 | AI Score 8.4 | EPSS 0.01 | Published 2018-12-14 08:29 PM
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by...

CVE-2018-20152 | CVSS 6.5 | AI Score 7.7 | EPSS 0.002 | Published 2018-12-14 08:29 PM
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted...

CVE-2018-20148 | CVSS 9.8 | AI Score 9.3 | EPSS 0.018 | Published 2018-12-14 08:29 PM
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in...

CVE-2018-20149 | CVSS 5.4 | AI Score 7 | EPSS 0.001 | Published 2018-12-14 08:29 PM
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG...

CVE-2018-20153 | CVSS 5.4 | AI Score 7.1 | EPSS 0.002 | Published 2018-12-14 08:29 PM
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing...

CVE-2018-19296 | CVSS 8.8 | AI Score 8.6 | EPSS 0.006 | Published 2018-11-16 09:29 AM
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection...

CVE-2015-9269 | CVSS 7.5 | AI Score 7.3 | EPSS 0.003 | Published 2018-10-01 11:29 PM
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON...

CVE-2018-1000773 | CVSS 8.8 | AI Score 8.9 | EPSS 0.01 | Published 2018-09-06 04:29 PM
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require...

CVE-2017-1000600 | CVSS 8.8 | AI Score 8.8 | EPSS 0.01 | Published 2018-09-06 12:29 PM
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this h...

CVE-2018-14028 | CVSS 7.2 | AI Score 7.3 | EPSS 0.316 | Published 2018-08-10 04:29 PM
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

CVE-2018-12895 | CVSS 8.8 | AI Score 8 | EPSS 0.535 | Published 2018-06-26 08:29 PM
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...

CVE-2018-11526 | CVSS 7.8 | AI Score 7.5 | EPSS 0.002 | Published 2018-06-19 07:29 PM
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV...

CVE-2014-5014 | CVSS 9.8 | AI Score 9.6 | EPSS 0.002 | Published 2018-04-25 05:29 PM
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in...

CVE-2018-10100 | CVSS 6.1 | AI Score 6 | EPSS 0.007 | Published 2018-04-16 09:58 AM
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use...

CVE-2018-10101 | CVSS 6.1 | AI Score 6.1 | EPSS 0.005 | Published 2018-04-16 09:58 AM
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress...

CVE-2018-10102 | CVSS 6.1 | AI Score 5.8 | EPSS 0.005 | Published 2018-04-16 09:58 AM
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator...

CVE-2014-6412 | CVSS 8.1 | AI Score 7.9 | EPSS 0.012 | Published 2018-04-12 09:29 PM
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force...

CVE-2018-9844 | CVSS 6.1 | AI Score 6.2 | EPSS 0.001 | Published 2018-04-07 07:29 AM
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to...

CVE-2018-9172 | CVSS 5.4 | AI Score 5.5 | EPSS 0.002 | Published 2018-04-01 11:29 PM
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode...

CVE-2018-6389 | CVSS 7.5 | AI Score 7.2 | EPSS 0.36 | Published 2018-02-06 05:29 PM
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many...

CVE-2018-5776 | CVSS 6.1 | AI Score 5.9 | EPSS 0.002 | Published 2018-01-18 10:29 PM
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under...

CVE-2017-18032 | CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | Published 2018-01-16 09:29 AM
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to...

CVE-2017-17092 | CVSS 5.4 | AI Score 6.2 | EPSS 0.001 | Published 2017-12-02 06:29 AM
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted...

Total number of security vulnerabilities: 2072