Lucene search
Veracode Vulnerability DatabaseVERACODE:22232HistoryDec 27, 2019 - 2:30 a.m.
Cross-site Scripting (XSS)
2019-12-2702:30:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
EPSS
0.001
Percentile
48.1%
wordpress is vulnerable to cross-site scripting (XSS). The vulnerability exists as authenticated users can inject JavaScript code in the block editor that will be executed when it is rendered.
References
github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
github.com/WordPress/WordPress/commit/20740afc8fe6b095ef9b927be7f601c9b9cae472
hackerone.com/reports/731301
seclists.org/bugtraq/2020/Jan/8
wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
wpvulndb.com/vulnerabilities/9976
www.debian.org/security/2020/dsa-4599
www.debian.org/security/2020/dsa-4677
Related
cve
cve
CVE-2019-16781
2019-12-26 17:15:13
prion
prion
Cross site scripting
2019-12-26 17:15:00
nvd
nvd
CVE-2019-16781
2019-12-26 17:15:13
debiancve
debiancve
CVE-2019-16781
2019-12-26 17:15:13
osv
osv
CVE-2019-16781
2019-12-26 17:15:13
wordpress - security update
2020-01-08 00:00:00
cvelist
cvelist
CVE-2019-16781 Stored cross-site scripting (XSS) in WordPress block editor
2019-12-26 17:00:17
ubuntucve
ubuntucve
CVE-2019-16781
2019-12-26 00:00:00
wpvulndb
wpvulndb
WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content
2019-12-13 00:00:00
openvas
openvas
WordPress Multiple Vulnerabilities (Dec 2019) - Linux
2019-12-16 00:00:00
WordPress Multiple Vulnerabilities (Dec 2019) - Windows
2019-12-16 00:00:00
Debian: Security Advisory (DSA-4599-1)
2020-01-08 00:00:00
debian
debian
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
nessus
nessus
Debian DSA-4599-1 : wordpress - security update
2020-01-09 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00