1091 matches found
DEBIAN-CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
Design/Logic Flaw
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC...
UBUNTU-CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
Design/Logic Flaw
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC...
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
CVE-2020-28036
WordPress vulnerability CVE-2020-28036: wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows privilege escalation via XML-RPC comment actions. Root cause: XML-RPC handling enables elevated privileges when commenting on a post. Affected: WordPress core prior to 5.5.2. Impact: po...
CVE-2020-28035
CVE-2020-28035 affects WordPress up to version 5.5.2, where an XML-RPC based flaw allows an attacker to escalate privileges. The issue is publicly documented in CVE-2020-28035 with a high rating in the CVSS context (network, low attack complexity, no authentication). The connected records corro...
CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC...
CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC...
wordpress -- multiple issues
WordPress developers report: Ten security issues affect WordPress versions 5.5.1 and earlier. If you haven't yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues: - Props to Alex Concha of the WordPress Security Team for their work in...
WordPress < 5.5.2 - XML-RPC Privilege Escalation
Description: The release notes state: "Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC."...
WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability
XML-RPC Privilege Escalation vulnerability found by Justin Tran in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version (at least 5.5.2)...
Scientific Linux Security Update : python on SL7.x x86_64 (20201001)
Security Fixes: - python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935). (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2020:3911. An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
python: XSS vulnerability in the documentation XML-RPC server in server_title field
A reflected cross-site scripting (XSS) vulnerability was found in Python XML-RPC server. The server_title field is not sufficiently sanitized, allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...
PT-2020-5780 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to a lack of privilege management mechanism in the wp-includes/class-wp-xmlrpc-server.php component of the WordPress content management system. This allows attackers to gain...