Lucene search
Veracode Vulnerability DatabaseVERACODE:8033HistoryDec 17, 2018 - 3:30 a.m.
Object Injection
2018-12-1703:30:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.018 Low
EPSS
Percentile
88.1%
wordpress is vulnerable to PHP object injection. The vulnerability exists in the wp_get_attachment_thumb_file function in wp-includes/post.php because the attack can be triggered by inputting manipulated metadata. in the wp_get_attachment_thumb_file function in wp-includes/post.php
Related
cve
cve
CVE-2018-20148
2018-12-14 20:29:00
cvelist
cvelist
CVE-2018-20148
2018-12-14 20:00:00
prion
prion
Design/Logic Flaw
2018-12-14 20:29:00
wpvulndb
wpvulndb
WordPress <= 5.0 - PHP Object Injection via Meta Data
2018-12-13 00:00:00
debiancve
debiancve
CVE-2018-20148
2018-12-14 20:29:00
nvd
nvd
CVE-2018-20148
2018-12-14 20:29:00
ubuntucve
ubuntucve
CVE-2018-20148
2018-12-14 00:00:00
osv
osv
CVE-2018-20148
2018-12-14 20:29:00
wordpress - security update
2019-02-11 00:00:00
wordpress - security update
2019-03-01 00:00:00
nessus
nessus
WordPress < 4.9.9 / 5.x < 5.0.1 Multiple Vulnerabilities
2018-12-13 00:00:00
Debian DLA-1673-1 : wordpress security update
2019-02-12 00:00:00
Debian DSA-4401-1 : wordpress - security update
2019-03-04 00:00:00
openvas
openvas
WordPress Multiple Vulnerabilities (Dec 2018) - Windows
2018-12-17 00:00:00
WordPress Multiple Vulnerabilities (Dec 2018) - Linux
2018-12-17 00:00:00
Debian: Security Advisory (DLA-1673-1)
2019-02-11 00:00:00
debian
debian
[SECURITY] [DLA 1673-1] wordpress security update
2019-02-11 23:24:13
[SECURITY] [DSA 4401-1] wordpress security update
2019-03-01 07:03:31
[SECURITY] [DSA 4401-1] wordpress security update
2019-03-01 07:03:31