7 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-20150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. CVE-2018-20150 Note that Nessus relies o...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
Debian DLA-1673-1 : wordpress security update
CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148 Contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the...
[SECURITY] [DLA 1673-1] wordpress security update
Package : wordpress Version : 4.1.25+dfsg-1+deb8u1 CVE ID : CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153 Debian Bug : 916403 CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148...
WordPress Multiple Vulnerabilities (Dec 2018) - Windows
WordPress is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2018-20150
CVE-2018-20150 affects WordPress before 4.9.9 and 5.x before 5.0.1, where crafted URLs could trigger cross-site scripting in certain plugin use cases. Root cause involves payloads in URLs that bypass filtering for some plugin scenarios. Impact is XSS with potential exposure of data or session con...