
3470 matches found

Tenable Nessus
added 2022/01/07 12:0 a.m. · 11 views

WordPress 4.2.x < 4.2.31 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A stored Cross-Site Scripting (XSS) vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...

7.2 AI score · Exploits: 0 · References: 2

Tenable Nessus
added 2022/01/07 12:0 a.m. · 17 views

WordPress 3.9.x < 3.9.35 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A stored Cross-Site Scripting (XSS) vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...

7.2 AI score · Exploits: 0 · References: 2

OSV
added 2022/01/06 11:15 p.m. · 2 views

DEBIAN-CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2 CVSS · 7.4 AI score · 0.03695 EPSS · Exploits: 1 · References: 1

UbuntuCve
added 2022/01/06 11:15 p.m. · 336 views

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2 CVSS · 7 AI score · 0.03695 EPSS · Exploits: 1 · References: 5

Prion
added 2022/01/06 11:15 p.m. · 19 views

Double free

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

6.5 CVSS · 8 AI score · 0.03695 EPSS · Exploits: 1 · References: 7 · Affected Software: 3

OSV
added 2022/01/06 11:15 p.m. · 1 views

UBUNTU-CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2 CVSS · 7.2 AI score · 0.03695 EPSS · Exploits: 1 · References: 6

Vulnrichment
added 2022/01/06 11:0 p.m. · 4 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

6.6 CVSS · 7.3 AI score · 0.03695 EPSS · Exploits: 1 · References: 7

Cvelist
added 2022/01/06 11:0 p.m. · 22 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

6.6 CVSS · 8.3 AI score · 0.03695 EPSS · Exploits: 1 · References: 7

OSV
added 2022/01/06 11:0 p.m. · 20 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

6.6 CVSS · 7.1 AI score · 0.03695 EPSS · Exploits: 1 · References: 9

Patchstack
added 2022/01/06 12:0 a.m. · 10 views

WordPress WordPress Multisite Content Copier/Updater plugin <= 1.4.0 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered in WordPress WordPress Multisite Content Copier/Updater plugin versions <= 1.4.0. Solution: Update the WordPress WordPress Multisite Content Copier/Updater plugin to the latest available version (at least 1.5.0)...

2.6 AI score · Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2022/01/06 12:0 a.m. · 5 views

WordPress Multisite Content Copier/Updater plugin <= 1.4.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Multisite Content Copier/Updater plugin versions <= 1.4.0. Solution: Update the WordPress Multisite Content Copier/Updater plugin to the latest available version (at least 1.5.0)...

2.2 AI score · Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2022/01/06 12:0 a.m. · 355 views

WordPress < 5.8.3 - Super Admin Object Injection in Multisites

Description On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection...

7.2 CVSS · 7.5 AI score · 0.03695 EPSS · Exploits: 1 · References: 2

Positive Technologies
added 2022/01/06 12:0 a.m. · 6 views

PT-2022-15017 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin ro...

8.8 CVSS · 6.7 AI score · 0.97795 EPSS · Exploits: 15 · References: 50

FreeBSD
added 2022/01/06 12:0 a.m. · 4 views

WordPress -- Multiple Vulnerabilities

The WordPress project reports: Issue with stored XSS through post slugs; Issue with Object injection in some multisite installations; SQL injection vulnerability in WP_Query; SQL injection vulnerability in WP_Meta_Query...

1.7 AI score · Exploits: 0 · References: 1

OSV
added 2022/01/04 8:15 p.m. · 30 views

CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

6.8 CVSS · 6.7 AI score · Exploits: 0 · References: 2

Cvelist
added 2022/01/04 7:35 p.m. · 25 views

CVE-2021-43850 Denial of Service in discourse

Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

6.8 CVSS · 6.7 AI score · 0.00828 EPSS · Exploits: 1 · References: 2

Positive Technologies
added 2022/01/04 12:0 a.m. · 4 views

PT-2022-11919 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.0.beta10 Discourse versions prior to 2.7.12 Description: The issue affects Discourse, an open source platform for community discussion, where admin users can trigger a Denial of Service attack via the...

6.8 CVSS · 6.5 AI score · 0.00828 EPSS · Exploits: 1 · References: 7

OSV
added 2021/12/14 4:15 p.m. · 3 views

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $siteid parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

4.8 CVSS · 5.8 AI score · 0.00565 EPSS · Exploits: 0 · References: 2

OSV
added 2021/11/17 7:15 p.m. · 4 views

CVE-2021-42361

The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the /trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts,...

4.8 CVSS · 5.8 AI score · 0.00598 EPSS · Exploits: 0 · References: 2

Veracode
added 2021/11/16 9:26 a.m. · 23 views

Insecure Cookies

rails_multisite is susceptible to insecure cookie usage. An authenticated remote attacker is able to re-use cookies from rails_multisite across different sites which share the same secret_key_base...

8.8 CVSS · 3.2 AI score · 0.00608 EPSS · Exploits: 0 · References: 3 · Affected Software: 1