Lucene search
K

175 matches found

CVE
CVE
added 2018/05/31 8:0 p.m.54 views

CVE-2016-10569

The CVE-2016-10569 issue affects the embedza module prior to version 1.2.4, where JavaScript resources are downloaded over HTTP. This enables a man-in-the-middle scenario where an attacker on the network could swap the requested JavaScript with a malicious file, potentially leading to remote code...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/10/02 12:0 a.m.51 views

FreeBSD : wordpress -- multiple issues (a48d4478-e23f-4085-8ae4-6b3a7b6f016b)

wordpress developers report : Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before...

7.5CVSS6.3AI score0.13385EPSS
Exploits1References20
Veracode
Veracode
added 2017/09/29 8:50 a.m.26 views

Cross-site Scripting (XSS)

WordPress is vulnerable to cross-site scripting XSS attacks. The library does not properly handle HTML elements in the oEmbed sandbox before rendering, allowing a malicious user to inject and execute arbitrary webscript...

6.1CVSS7.4AI score0.02859EPSS
Exploits0References6Affected Software2
WPVulnDB
WPVulnDB
added 2017/09/25 12:0 a.m.40 views

WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed

Description A cross-site scripting XSS vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team...

6.1CVSS6.1AI score0.02859EPSS
Exploits0References2
CNVD
CNVD
added 2017/09/25 12:0 a.m.6 views

WordPress oEmbed discovery cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL. oEmbed discovery is one of the oEmbed search plugin. A cross-site scripting vulnerability exists in oEmbed...

6.1CVSS7.1AI score0.02859EPSS
Exploits0References1
Prion
Prion
added 2017/09/23 8:29 p.m.16 views

Cross site scripting

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...

4.3CVSS6AI score0.02859EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2017/09/23 8:29 p.m.2 views

UBUNTU-CVE-2017-14724

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...

6.1CVSS6.8AI score0.02859EPSS
Exploits0References4
OSV
OSV
added 2017/09/23 8:29 p.m.1 views

DEBIAN-CVE-2017-14724

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...

6.1CVSS6.3AI score0.02859EPSS
Exploits0References1
OSV
OSV
added 2017/09/23 8:29 p.m.23 views

CVE-2017-14724

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...

6.1CVSS6.4AI score
Exploits0References6
Cvelist
Cvelist
added 2017/09/23 8:0 p.m.28 views

CVE-2017-14724

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...

7.3AI score0.02859EPSS
Exploits0References6
CVE
CVE
added 2017/09/23 8:0 p.m.175 views

CVE-2017-14724

CVE-2017-14724 affects WordPress prior to 4.8.2, where oEmbed discovery is vulnerable to cross-site scripting. The issue is triggered via oEmbed discovery paths and is exploitable by unauthenticated actors under network conditions; impact is listed as partial integrity leakage and low confidentia...

6.1CVSS6.2AI score0.02859EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2017/09/23 8:0 p.m.33 views

CVE-2017-14724

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...

6.1CVSS2.6AI score0.02859EPSS
Exploits0
FreeBSD
FreeBSD
added 2017/09/23 12:0 a.m.55 views

wordpress -- multiple issues

wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before versi...

7.5CVSS6.4AI score0.13385EPSS
Exploits1References12
CNVD
CNVD
added 2017/09/21 12:0 a.m.3 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-34852)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability in oEmbed Discovery. A remote attacker can exploit this...

6.1AI score
Exploits0References1
Patchstack
Patchstack
added 2017/09/19 12:0 a.m.10 views

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed)

Cross-Site Scripting XSS vulnerability found by xknown of the WordPress Security Team in WordPress oEmbed version 4.8.1 and earlier versions. Solution Update the WordPress to the latest available version at least 4.8.2...

2.5AI score
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2017/01/12 7:24 p.m.52 views

Discourse: Stored XSS in posts because of absence of oembed variables values escaping

Hello! Steps to reproduce: 1. Paste this payload URL in the post: http://89.223.28.48/oembedvideo.html?uncache 2. Save the post and you will see the XSS will fire. F151922 The vulnerability exists because of absence of oembed variables values escaping. There is the oembed link in the payload page...

5.6AI score
Exploits0
OpenVAS
OpenVAS
added 2016/07/20 12:0 a.m.35 views

WordPress Multiple Vulnerabilities (Jul 2016) - Linux

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

7.5CVSS7.1AI score0.04084EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2016/07/07 12:0 a.m.14 views

WordPress < 4.5.3 Multiple Vulnerabilities

Binary data 9388.prm...

7.5CVSS7.3AI score0.04084EPSS
Exploits0References9
NVD
NVD
added 2016/06/29 2:10 p.m.18 views

CVE-2016-5836

The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors...

7.5CVSS7.3AI score0.04084EPSS
Exploits0References6
OSV
OSV
added 2016/06/29 2:10 p.m.0 views

DEBIAN-CVE-2016-5836

The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors...

7.5CVSS7.2AI score0.04084EPSS
Exploits0References1
Rows per page
Query Builder