WordPress Core <= 6.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Via Avatar Block vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type: Cross Site Scripting (XSS)
- Score: 6.5
WordPress Core plugin <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink vulnerability
- Type: Sensitive Data Exposure
- Score: 5.3
WordPress core < 6.4.3 - Auth. (Admin+) PHP File Upload vulnerability
- Type: Arbitrary File Upload
- Score: 6.6
References
PatchStack
CVE
Timeline
- Publicly Published: 2024-01-31
- Created: 2024-01-31
WordPress core < 6.3.2 – Auth. (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode
- Type: Other Vulnerability Type
- Score: 5.4
References
PatchStack
Timeline
- Publicly Published: 2023-10-13
- Created: 2023-10-13
WordPress core < 6.3.2 - Sensitive Information Exposure via User Search REST Endpoint
- Type: Sensitive Data Exposure
- Score: 5.3
References
PatchStack
Timeline
- Publicly Published: 2023-10-13
- Created: 2023-10-13
WordPress core < 6.3.2 - Reflected Cross-Site Scripting via Application Password Requests
- Type: Cross Site Scripting (XSS)
- Score: 6.1
References
PatchStack
Timeline
- Publicly Published: 2023-10-13
- Created: 2023-10-13
WordPress core < 6.3.2 - Contributor+ Comment Read on Private and Password Protected Post vulnerability
- Type: Broken Access Control
- Score: 4.3
References
PatchStack
CVE
Timeline
- Publicly Published: 2023-10-13
- Created: 2023-10-13
WordPress core < 6.3.2 - Contributor+ Stored XSS in Navigation Links Block vulnerability
- Type: Cross Site Scripting (XSS)
- Score: 6.5
References
PatchStack
CVE
Timeline
- Publicly Published: 2023-10-13
- Created: 2023-10-13
WordPress core < 6.3.2 - Cache Poisoning Denial of Service vulnerability
- Type: Denial of Service Attack
- Score: 5.3
References
PatchStack
Timeline
- Publicly Published: 2023-10-13
- Created: 2023-10-13
WordPress core <= 6.2.1 - Unauth. Shortcode Execution vulnerability
- Type: Content Injection
- Score: 6.5
References
PatchStack
Timeline
- Publicly Published: 2023-05-22
- Created: 2023-05-22
WordPress core <= 6.2 - Insufficient Sanitization of Block Attributes vulnerabilities
- Type: Content Injection
- Score: 6.4
References
PatchStack
Timeline
- Publicly Published: 2023-05-17
- Created: 2023-05-17
WordPress core <= 6.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
- Type: Cross Site Scripting (XSS)
- Score: 6.5
References
PatchStack
Timeline
- Publicly Published: 2023-05-17
- Created: 2023-05-17
WordPress core <= 6.2 - Unauth. Shortcode Execution vulnerability
- Type: Content Injection
- Score: 6.5
References
PatchStack
Timeline
- Publicly Published: 2023-05-17
- Created: 2023-05-17
WordPress core <= 6.2 - Unauth. Directory Traversal vulnerability
- Type: Directory Traversal
- Score: 5.4
WordPress core <= 6.2 - Cross-Site Request Forgery vulnerability
- Type: Cross Site Request Forgery (CSRF)
- Score: 4.3
References
PatchStack
Timeline
- Publicly Published: 2023-05-17
- Created: 2023-05-17
WordPress Core All Versions - Unauthenticated Blind Server-Side Request Forgery vulnerability
- Type: Server Side Request Forgery (SSRF)
- Score: 4