23 matches found
WordPress 4.2.x < 4.2.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A DOM-based cross-site scripting XSS vulnerability exists in the uploadSizeError function within file wp-includes/js/plupload/handlers.js when handling overly large file...
MGASA-2015-0290 Updated wordpress package fixes security vulnerabilities
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site CVE-2015-5622. WordPress versions 4.2.2 and earlier are affected by an issue where it was possible for a user with Subscriber...
MGASA-2014-0493 Updated wordpress package fixes security vulnerabilities
XSS in wptexturize via comments or posts, exploitable for unauthenticated users CVE-2014-9031. XSS in media playlists CVE-2014-9032. CSRF in the password reset process CVE-2014-9033. Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without...