11 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-20041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). The vulnerability exists as wp_kses_bad_protocol fails to validate that uri attributes do not contain invalid/or unauthorized protocols...
WordPress 3.7.x < 3.7.32 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - Two cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing ...
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability
wp_kses_bad_protocol() Colon Bypass vulnerability found by WordPress.org Security Team in WordPress versions <= 5.3. Solution: Update WordPress to the latest available version (at least 5.3.1)...
Fedora 31 : wordpress (2019-e16ba9e54e)
WordPress 5.3.2 Maintenance Release. Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues. Main issues addressed in 5.3.2: - Date/Time: Ensure that get_feed_build_date correctly...
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
Description: A JavaScript payload such as "javascript:alert1" in a URL could cause a Cross-Site Scripting (XSS) vulnerability. According to the commit message (see references): "wp_kses_bad_protocol makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this work...
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
Description: A JavaScript payload such as "javascript:alert1" in a URL could cause a Cross-Site Scripting (XSS) vulnerability. According to the commit message (see references): "wp_kses_bad_protocol makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this work...
UBUNTU-CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...
CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...
FreeBSD : wordpress -- multiple issues (7b97b32e-27c4-11ea-9673-4c72b94353b5)
WordPress developers report: Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you'll want to upgrade. If you haven't yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. - Props to Daniel Bachhuber for...
wordpress -- multiple issues
WordPress developers report: Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you'll want to upgrade. If you haven't yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. - Props to Daniel Bachhuber for findi...