15 matches found
CVE-2026-4248
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the 'usermeta:passwordresetlink' template tag being processed within post content via the 'umloggedin' shortcode, which generates a valid password...
EUVD-2019-7035
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-16223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 allows XSS in post previews by authenticated users. CVE-2019-16223 Note that Nessus relies on the presence of the package as reported by...
Wordpress Core 5.2.2 - 'post previews' XSS
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
WordPress Core 5.2.2 Cross Site Scripting
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
DEBIAN-CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users...
CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users...
CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users...
UBUNTU-CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users...
CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users...
CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users...
CVE-2019-16223
WordPress Core prior to 5.2.3 is vulnerable to an XSS in post previews when accessed by authenticated users. The root cause involves wp_kses_bad_protocol_once() URL sanitization, which in affected versions can be bypassed via crafted input, enabling arbitrary script execution in the user’s browse...
PT-2019-5213 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3 Description: The issue is related to an error in the content management system of WordPress, allowing for a Cross-Site Scripting (XSS) attack when authorized users view post previews. This could enable a remote...
WordPress 5.2.2 - Cross-Site Scripting (XSS) in Stored Comments
Description From the WordPress version release notes: "Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored...
WordPress 5.2.2 - Authenticated Cross-Site Scripting (XSS) in Post Previews
Description From the WordPress version release: "Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments."...