Wordpress Security Vulnerabilities and Issues — Wordpress CVE List

Lucene search

WordpressWordpress

3 matches found

CVE•added 2021/04/28 3:15 a.m.•509 views

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in saf...

9.8CVSS8.7AI score0.01227EPSS

CVE•added 2021/04/15 10:15 p.m.•455 views

CVE-2021-29450

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. I...

6.5CVSS5.2AI score0.01115EPSS

CVE•added 2021/04/15 9:15 p.m.•312 views

CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has b...

7.1CVSS6.4AI score0.88883EPSS