Lucene search
K

104 matches found

OSV
OSV
added 2022/01/06 11:0 p.m.23 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

6.6CVSS7.1AI score0.03695EPSS
Exploits1References9
Cvelist
Cvelist
added 2022/01/06 10:55 p.m.28 views

CVE-2022-21664 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

7.4CVSS9.1AI score0.04052EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2022/01/06 10:55 p.m.72 views

CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

8.8CVSS4.3AI score0.04052EPSS
Exploits0
OSV
OSV
added 2022/01/06 10:55 p.m.21 views

CVE-2022-21664 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

7.4CVSS8.6AI score0.04052EPSS
Exploits0References9
Cvelist
Cvelist
added 2022/01/06 10:50 p.m.36 views

CVE-2022-21661 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8CVSS8.5AI score0.97795EPSS
Exploits14References10
Vulnrichment
Vulnrichment
added 2022/01/06 10:50 p.m.36 views

CVE-2022-21661 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8CVSS7.8AI score0.97795EPSS
Exploits14References10
OSV
OSV
added 2022/01/06 10:50 p.m.43 views

CVE-2022-21661 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8CVSS8AI score0.97795EPSS
Exploits14References13
Debian CVE
Debian CVE
added 2022/01/06 10:50 p.m.165 views

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8CVSS3.4AI score0.97795EPSS
Exploits14
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.8 views

PT-2022-15017 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin ro...

8.8CVSS6.7AI score0.97795EPSS
Exploits15References50
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.8 views

PT-2022-15018 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 4.1.34 Description: WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of th...

8.8CVSS6.8AI score0.97795EPSS
Exploits15References47
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.6 views

PT-2022-7031

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.8.3 WordPress versions 3.7.37 and earlier Description The issue is related to improper sanitization in the WP Query function of the WordPress content management system, which can lead to SQL injection through...

8.8CVSS7.5AI score0.97795EPSS
Exploits15References63
ATTACKERKB
ATTACKERKB
added 2022/01/06 12:0 a.m.770 views

CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched...

8CVSS4.7AI score0.63712EPSS
In wildExploits0References7
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.7 views

PT-2022-15016 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: Low-privileged authenticated users, such as authors, in the WordPress core are able to execute JavaScript and perform a stored XSS attack, which can affect...

8.8CVSS6.6AI score0.97795EPSS
Exploits15References46
Tenable Nessus
Tenable Nessus
added 2021/10/15 12:0 a.m.32 views

Debian DSA-4985-1 : wordpress - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4985 advisory. Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting XSS attacks or...

7.6CVSS6.2AI score0.02207EPSS
Exploits0References9
NVD
NVD
added 2021/09/09 10:15 p.m.15 views

CVE-2021-39200

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

5.3CVSS0.02207EPSS
Exploits0References3
OSV
OSV
added 2021/09/09 10:15 p.m.3 views

DEBIAN-CVE-2021-39200

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

5.3CVSS5.5AI score0.02207EPSS
Exploits0References1
OSV
OSV
added 2021/09/09 10:15 p.m.13 views

CVE-2021-39201

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact The issue allows an authenticated but low-privileged user like contributor/author to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...

5.4CVSS5.7AI score
Exploits0References3
Prion
Prion
added 2021/09/09 10:15 p.m.36 views

Double free

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

4.3CVSS5.2AI score0.02207EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2021/09/09 12:0 a.m.4 views

PT-2021-4511 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8 Description: The issue allows an authenticated but low-privileged user, such as a contributor or author, to execute cross-site scripting XSS in the editor, bypassing restrictions imposed on users who do not hav...

7.6CVSS5.2AI score0.02207EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2021/09/09 12:0 a.m.6 views

PT-2021-4505 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.1 Description: The issue is related to the wp die function in WordPress, which can leak output data under certain conditions, including sensitive information like nonces. This leaked data can be used to perform...

7.6CVSS5.7AI score0.02207EPSS
Exploits0References21
Rows per page
Query Builder