WordPress 3.9.x < 3.9.26 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 4.9.x < 4.9.9 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 4.5.x < 4.5.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 4.6.x < 4.6.13 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 4.3.x < 4.3.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 3.8.x < 3.8.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress PHP Object Injection Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions prior to 5.0.1. An attacker can exploit this...

WordPress 4.8.x < 4.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 4.7.x < 4.7.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 4.0.x < 4.0.25 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress 3.7.x < 3.7.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

WordPress Multiple Vulnerabilities (Dec 2018) - Windows

WordPress is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

WordPress Multiple Vulnerabilities (Dec 2018) - Linux

WordPress is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Design/Logic Flaw

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...

CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...

CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...

CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...

DEBIAN-CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...

UBUNTU-CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...

CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...