Lucene search
Veracode Vulnerability DatabaseVERACODE:22234HistoryDec 27, 2019 - 4:34 a.m.
Cross-site Scripting (XSS)
2019-12-2704:34:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
52.7%
wordpress is vulnerable to cross-site scripting (XSS). The vulnerability exists as authenticated users can inject JavaScript code in the block editor that will be executed when it is rendered.
References
github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
hackerone.com/reports/738644
seclists.org/bugtraq/2020/Jan/8
wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
wpvulndb.com/vulnerabilities/9976
www.debian.org/security/2020/dsa-4599
www.debian.org/security/2020/dsa-4677
Related
debiancve
debiancve
CVE-2019-16780
2019-12-26 17:15:13
ubuntucve
ubuntucve
CVE-2019-16780
2019-12-26 00:00:00
nvd
nvd
CVE-2019-16780
2019-12-26 17:15:13
cve
cve
CVE-2019-16780
2019-12-26 17:15:13
osv
osv
CVE-2019-16780
2019-12-26 17:15:13
wordpress - security update
2020-01-08 00:00:00
prion
prion
Code injection
2019-12-26 17:15:00
cvelist
cvelist
CVE-2019-16780 Stored cross-site scripting (XSS) in WordPress block editor
2019-12-26 16:50:13
wpvulndb
wpvulndb
WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content
2019-12-13 00:00:00
openvas
openvas
WordPress Multiple Vulnerabilities (Dec 2019) - Windows
2019-12-16 00:00:00
WordPress Multiple Vulnerabilities (Dec 2019) - Linux
2019-12-16 00:00:00
Debian: Security Advisory (DSA-4599-1)
2020-01-08 00:00:00
debian
debian
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
nessus
nessus
Debian DSA-4599-1 : wordpress - security update
2020-01-09 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00