104 matches found
CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
CVE-2022-21664 SQL injection in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...
CVE-2022-21664
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...
CVE-2022-21664 SQL injection in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...
CVE-2022-21661 SQL injection in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
CVE-2022-21661 SQL injection in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
CVE-2022-21661 SQL injection in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
PT-2022-15017 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin ro...
PT-2022-15018 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 4.1.34 Description: WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of th...
PT-2022-7031
Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.8.3 WordPress versions 3.7.37 and earlier Description The issue is related to improper sanitization in the WP Query function of the WordPress content management system, which can lead to SQL injection through...
CVE-2022-21662
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched...
PT-2022-15016 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: Low-privileged authenticated users, such as authors, in the WordPress core are able to execute JavaScript and perform a stored XSS attack, which can affect...
Debian DSA-4985-1 : wordpress - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4985 advisory. Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting XSS attacks or...
CVE-2021-39200
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...
DEBIAN-CVE-2021-39200
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...
CVE-2021-39201
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact The issue allows an authenticated but low-privileged user like contributor/author to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...
Double free
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...
PT-2021-4511 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8 Description: The issue allows an authenticated but low-privileged user, such as a contributor or author, to execute cross-site scripting XSS in the editor, bypassing restrictions imposed on users who do not hav...
PT-2021-4505 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.1 Description: The issue is related to the wp die function in WordPress, which can leak output data under certain conditions, including sensitive information like nonces. This leaked data can be used to perform...