PT-2020-3601 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: In affected versions of WordPress, files with...

Cross-Site Scripting (XSS)

wordpress is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a user's browser via malicious links due to insufficient validation and sanitization in the function wptargetedlinkrel in wp-includes/formatting.php...

DEBIAN-CVE-2019-20042

In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wptargetedlinkrel can be used in a particular way to result in a stored cross-site scripting XSS vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a mino...

Wordpress 3.9.2 /wp-includes/formatting.php 跨站脚本漏洞

No description provided by source...

Cross site scripting

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...

CVE-2012-2403

WordPress: CVE-2012-2403 affects wp-includes/formatting.php in WordPress prior to 3.3.2, where clickable links inside HTML attributes enable cross-site scripting (XSS) via unspecified vectors. The underlying issue is improper handling of links in attributes, allowing injected scripts to execute i...

CVE-2012-2403

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...