Lucene search
Ryan DewhurstWPVDB-ID:4494A903-5A73-4CAD-8C14-1E7B4DA2BE61HistorySep 05, 2019 - 12:00 a.m.
WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
2019-09-0500:00:00
Ryan Dewhurst
wpscan.com
33
0.006 Low
EPSS
Percentile
78.5%
According to the WordPress release notes: “Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.”
PoC
Thanks to @irsdl’s Hacker1 disclosure: JS - Numerical Entities JS - Hex Entities
Related
ubuntucve
ubuntucve
CVE-2019-16222
2019-09-11 00:00:00
debiancve
debiancve
CVE-2019-16222
2019-09-11 14:15:12
nvd
nvd
CVE-2019-16222
2019-09-11 14:15:12
veracode
veracode
Cross-site Scripting (XSS)
2019-09-12 12:32:16
wpexploit
wpexploit
WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
2019-09-05 00:00:00
prion
prion
Cross site scripting
2019-09-11 14:15:00
osv
osv
CVE-2019-16222
2019-09-11 14:15:12
wordpress - security update
2019-10-16 00:00:00
wordpress - security update
2020-01-08 00:00:00
cvelist
cvelist
CVE-2019-16222
2019-09-11 13:07:15
cve
cve
CVE-2019-16222
2019-09-11 14:15:12
nessus
nessus
Debian DLA-1960-1 : wordpress security update
2019-10-18 00:00:00
Debian DSA-4599-1 : wordpress - security update
2020-01-09 00:00:00
debian
debian
[SECURITY] [DLA 1960-1] wordpress security update
2019-10-17 20:21:46
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
openvas
openvas
WordPress Multiple Vulnerabilities (Sep 2019) - Linux
2019-09-09 00:00:00
WordPress Multiple Vulnerabilities (Sep 2019) - Windows
2019-09-09 00:00:00
Debian: Security Advisory (DLA-1960-1)
2019-10-18 00:00:00
hackerone
hackerone
Nord Security: Version problem in wordpress leads to the many vulnearability
2019-12-05 10:21:54