8967 matches found
WordPress 5.2.x < 5.2.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in post previews by contributors. - A cross-site scripting (XSS) vulnerability in stored comments. - An unspecified issue with...
WordPress XSS Bug Allows Drive-By Code Execution
A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat researcher at FortiGuard Labs, said that...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). The attack is due to a failure to handle the existing rel attribute in wp_rel_nofollow_callback, allowing an attacker to inject arbitrary script during shortcode previews...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
DEBIAN-CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
Design/Logic Flaw
WordPress before 5.2.3 allows XSS in shortcode previews...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
UBUNTU-CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
CVE-2019-16219
CVE-2019-16219 concerns WordPress core prior to version 5.2.3, where a stored XSS flaw in shortcode previews could allow injection of malicious scripts. The vulnerability arises from improper handling of shortcode previews, enabling an attacker to potentially execute script when a user previews a...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
PT-2019-5209 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3 Description: The issue is related to an error in the shortcode preview functionality of the WordPress content management system, allowing for XSS attacks. This could potentially enable a remote attacker to...
FreeBSD : wordpress -- multiple issues (8a9f86de-d080-11e9-9051-4c72b94353b5)
WordPress developers report: Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...
WordPress 5.0-5.2.2 - Authenticated Stored XSS in Shortcode Previews
Description: According to the WordPress release notes: "Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews."...
CVE-2019-15889
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter...
CVE-2019-15889
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter...
Design/Logic Flaw
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter...
CVE-2019-15889
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter...
CVE-2019-15889
Summary: CVE-2019-15889 affects the WordPress Download Manager plugin prior to 2.9.94. The vulnerability is a cross-site scripting (XSS) flaw in the category shortcode feature, exploitable via the orderby or publish_date parameters (e.g., ?orderby=title,publish_date or similar). Impact (as stated...
WordPress shortcode-factory plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shortcode-factory is a plugin that provides ready-to-use shortcodes. An input validation error vulnerability exists in the WordPress...