166 matches found
Fedora 30 : wordpress (2020-fa71ca92f8)
WordPress 5.4.1 Security Updates Seven security issues affect WordPress versions 5.4 and earlier. If you havent yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues : - Props to Muaz Bin Abdus Sattar and Jannes who both independently...
DEBIAN-CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
UBUNTU-CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
CVE-2020-11030
CVE-2020-11030 affects WordPress blocks/search handling. A crafted payload can cause scripts to run within the block editor search block when an authenticated user with content-adding rights is present. The vulnerability is mitigated by upgrading to WordPress 5.4.1 or applying the listed minor re...
CVE-2020-5528
Cross-site scripting vulnerability in Movable Type series Movable Type 7 r.4603 and earlier Movable Type 7, Movable Type 6.5.2 and earlier Movable Type 6.5, Movable Type Advanced 7 r.4603 and earlier Movable Type Advanced 7, Movable Type Advanced 6.5.2 and earlier Movable Type Advanced 6.5, Movab...
Movable Type vulnerable to cross-site scripting
Overview Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79 in block editor and rich text editor. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the...
Cross-site Scripting (XSS)
wordpress is vulnerable to cross-site scripting XSS. The vulnerability exists as authenticated users can inject JavaScript code in the block editor that will be executed when it is rendered...
Cross-site Scripting (XSS)
wordpress is vulnerable to cross-site scripting XSS. The vulnerability exists as authenticated users can inject JavaScript code in the block editor that will be executed when it is rendered...
FreeBSD : wordpress -- multiple issues (7b97b32e-27c4-11ea-9673-4c72b94353b5)
wordpress developers reports : Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade. If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. -Props to Daniel Bachhuber for...
DEBIAN-CVE-2019-16780
WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...
CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...
DEBIAN-CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...
CVE-2019-16780
WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...
Cross site scripting
In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...
CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...
UBUNTU-CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...
UBUNTU-CVE-2019-16780
WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...