Download
| Alert*
oval:org.secpod.oval:def:106620
wordpress is installed oval:org.secpod.oval:def:118186 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:602333 Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site. oval:org.secpod.oval:def:118190 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:118181 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:116150 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:2000348 WordPress through 5.0.3 allows Path Traversal in wp_crop_image. An attacker can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. oval:org.secpod.oval:def:2000913 In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then exe ... oval:org.secpod.oval:def:602634 It was discovered that the patch to fix CVE-2016-6635 added a function already present in the code, preventing the website to display completely. The package has been updated to fix this regression. oval:org.secpod.oval:def:602363 Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2221 Shailesh Suthar discovered an open redirection vulnerability. CVE-2016-2222 Ronni Skansing discovered a server-side request forgery ... oval:org.secpod.oval:def:2000251 In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service by using the large list of registered .js files to construct a series of requests to load every file many times. oval:org.secpod.oval:def:602189 Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been im ... oval:org.secpod.oval:def:602186 The security update for wordpress in DSA 3328 contained a regression. The patch for issue CVE-2015-5622 was faulty. A new package version has been released that backs this patch out pending resolution of the problem. oval:org.secpod.oval:def:121158 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:121159 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:2000209 In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. oval:org.secpod.oval:def:2001058 In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. oval:org.secpod.oval:def:55472 Simon Scannell of Ripstech Technologies discovered multiple vulnerabilities in wordpress, a web blogging manager. oval:org.secpod.oval:def:2000857 In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine"s web crawler if an unusual configuration were chosen. The search engine could then index and display a user"s e-mail address and the password that was generated by default. oval:org.secpod.oval:def:2000593 In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. oval:org.secpod.oval:def:2001328 In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. oval:org.secpod.oval:def:2001315 In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. oval:org.secpod.oval:def:601852 Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9031 Jouko Pynnonen discovered an unauthen ... oval:org.secpod.oval:def:108164 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:107977 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:106881 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress-3.8.3/README.fedora oval:org.secpod.oval:def:107348 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:106846 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:107363 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress-3.9.2/README.fedora oval:org.secpod.oval:def:108871 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:602066 Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands. More information can be found in the ... oval:org.secpod.oval:def:107987 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress-4.0.1/README.fedora oval:org.secpod.oval:def:108867 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:602258 The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5622 The robustness of the ... oval:org.secpod.oval:def:109411 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:109410 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:602263 Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter ... oval:org.secpod.oval:def:602199 Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your ... oval:org.secpod.oval:def:602249 Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability has b ... oval:org.secpod.oval:def:109995 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:110796 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:601269 The update of wordpress in DSA-2901-2 introduced a wrong versioned dependency on libjs-cropper, making the package uninstallable in the oldstable distribution . This update corrects that problem. For reference the original advisory text follows. Several vulnerabilities were discovered in Wordpress, ... oval:org.secpod.oval:def:601262 Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0165 A user with a contributor role, using a specially crafted request, can publish posts, which is reserved for users of the next-h ... oval:org.secpod.oval:def:110574 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:110573 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:105971 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. oval:org.secpod.oval:def:601271 The update for wordpress in DSA 2901 caused a regression in the Quick Drafts functionality. This update corrects that problem. For reference, the original advisory text follows. Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures projec ... oval:org.secpod.oval:def:601747 Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/ oval:org.secpod.oval:def:601066 Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ... oval:org.secpod.oval:def:110031 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:110150 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:600548 Two XSS bugs and one potential information disclosure issue were discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0700 Input passed via the post title when performing a "Quick Edit" or "Bulk Edit&qu ... oval:org.secpod.oval:def:105805 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. oval:org.secpod.oval:def:601325 wordpress is installed oval:org.secpod.oval:def:110802 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:111339 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:601106 Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ... oval:org.secpod.oval:def:111355 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:110130 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:119746 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:600801 Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ... oval:org.secpod.oval:def:119741 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:110803 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:605498 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform XML External Entity attacks, and access private content. oval:org.secpod.oval:def:55473 WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The ... oval:org.secpod.oval:def:2003901 In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. oval:org.secpod.oval:def:121160 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:88431 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery or Cross-Site Scripting attacks. oval:org.secpod.oval:def:88432 The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable: this update corrects the problem. For reference, the original advisory text is provided here again: Several vulnerabilities were discovered in Wordpress, a web blogging tool. They al ... oval:org.secpod.oval:def:111912 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:111920 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:111973 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:111977 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:112124 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:112183 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:112406 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:112413 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113277 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113279 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113421 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113437 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113487 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113660 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113773 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113775 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113920 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:113922 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:114279 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:114280 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:125776 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:125786 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:69798 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting and Cross-Site Request Forgery attacks, create open redirects, poison cache, and bypass authorization access and input sanitation. oval:org.secpod.oval:def:604838 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting and Cross-Site Request Forgery attacks, create files on the server, disclose private information, create open redirects, poison cache, and bypass authori ... oval:org.secpod.oval:def:78144 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, run unchecked SQL queries, bypass hardening, or perform Cross-Site Scripting attacks. oval:org.secpod.oval:def:115698 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:115703 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:114801 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:603459 A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code. oval:org.secpod.oval:def:114798 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:116133 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:53375 A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code. oval:org.secpod.oval:def:121763 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:121767 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:119061 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:118376 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:118374 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:605295 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting or Cross-Site Request Forgery attacks, escalate privileges, run arbitrary code, and delete arbitrary files. oval:org.secpod.oval:def:53320 Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ... oval:org.secpod.oval:def:1900110 Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. oval:org.secpod.oval:def:603389 Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ... oval:org.secpod.oval:def:1900057 Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. oval:org.secpod.oval:def:1900333 wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makesit easier for remote attackers to bypass intended access restrictions via a crafted site signup or user signup. oval:org.secpod.oval:def:1900336 wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. oval:org.secpod.oval:def:1900338 Cross-site scripting vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related towp-admin/includes/class-theme-installer-skin.php. oval:org.secpod.oval:def:1900337 Cross-site scripting vulnerability inwp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary webscript or HTML via a crafted excerpt. oval:org.secpod.oval:def:1900266 Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. oval:org.secpod.oval:def:1900268 Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. oval:org.secpod.oval:def:1900261 WordPress 4.8.2 stores cleartext wp_signups.activation_key values , which might make it easier for remote attackers to hijack unactivated useraccounts by leveraging database read access . oval:org.secpod.oval:def:1900263 Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. oval:org.secpod.oval:def:1900278 WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection in plugins and themes, as demonstrated by a "double prepare"approach, a different vulnerability than CVE-2017-14723. oval:org.secpod.oval:def:1900248 Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. oval:org.secpod.oval:def:1900255 Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. oval:org.secpod.oval:def:1900257 Before version 4.8.2, WordPress mishandled % characters and additionalplaceholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. oval:org.secpod.oval:def:1900250 Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. oval:org.secpod.oval:def:1900253 Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugineditor via a crafted plugin name. oval:org.secpod.oval:def:603130 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks. oval:org.secpod.oval:def:1900301 wp-admin/user-new.php in WordPress before 4.9.1 sets the new bloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. oval:org.secpod.oval:def:1900308 wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. oval:org.secpod.oval:def:602762 Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims" credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks. oval:org.secpod.oval:def:1900313 wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. oval:org.secpod.oval:def:1900316 wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. oval:org.secpod.oval:def:53154 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks. oval:org.secpod.oval:def:1900343 SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Queryin WordPress before 4.7.2 allows remote attackers to execute arbitrary SQLcommands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. oval:org.secpod.oval:def:1900345 Multiple cross-site scripting vulnerabilities inwp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the name or version header of a plugin. oval:org.secpod.oval:def:1900344 Cross-site request forgery vulnerability in WordPress before 4.7.1allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. oval:org.secpod.oval:def:1900346 wp-admin/includes/class-wp-press-this.php in Press This in WordPress before4.7.2 does not properly restrict visibility of a taxonomy-assignment userinterface, which allows remote attackers to bypass intended access restrictions by read ing terms. oval:org.secpod.oval:def:1900350 Cross-site request forgery vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related towp-admin/includes/class-wp-screen.php and wp-ad ... oval:org.secpod.oval:def:1900359 In WordPress before 4.7.3 , control characters can trick redirect URL validation. oval:org.secpod.oval:def:602918 Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. oval:org.secpod.oval:def:1900451 In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. oval:org.secpod.oval:def:53230 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions. oval:org.secpod.oval:def:1900362 In WordPress before 4.7.5, a cross-site scripting vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. oval:org.secpod.oval:def:603239 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions. oval:org.secpod.oval:def:1900377 In WordPress before 4.7.3, there is authenticated Cross-Site Scripting via Media File Metadata. This is demonstrated by both mishandling of the playlist shortcode in the wp_playlist_shortcode function inwp-includes/media.php and mishandling of meta information in the render Tracks function in wp-inc ... oval:org.secpod.oval:def:1900374 In WordPress before 4.7.5, a cross-site scripting vulnerability related to the Customizer exists, involving an invalid customizationsession. oval:org.secpod.oval:def:602828 Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms. oval:org.secpod.oval:def:1900491 Cross-site scripting vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution attack. oval:org.secpod.oval:def:1900431 In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. oval:org.secpod.oval:def:1900410 In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. oval:org.secpod.oval:def:1900419 In WordPress before 4.7.3 , unintended files can be deleted by administrators using the plugin deletion functionality. oval:org.secpod.oval:def:1900415 In WordPress before 4.7.5, a Cross Site Request Forgery vulnerability exists in the filesystem credentials dia log because a nonce is not required for updating credentials. oval:org.secpod.oval:def:603678 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application c ... oval:org.secpod.oval:def:1900698 The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. oval:org.secpod.oval:def:53528 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application c ... oval:org.secpod.oval:def:1900765 WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image c ... oval:org.secpod.oval:def:1901000 Cross-site scripting vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. oval:org.secpod.oval:def:1901051 Cross-site scripting vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. oval:org.secpod.oval:def:602581 Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service. oval:org.secpod.oval:def:1901247 Cross-site request forgery vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. oval:org.secpod.oval:def:1901104 Cross-site scripting vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. oval:org.secpod.oval:def:1901221 WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. oval:org.secpod.oval:def:1901229 Cross-site request forgery vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer functi ... oval:org.secpod.oval:def:1901147 Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. oval:org.secpod.oval:def:1901057 WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. oval:org.secpod.oval:def:1901328 WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. oval:org.secpod.oval:def:1901535 The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1901540 WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to tran ... oval:org.secpod.oval:def:1901513 Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by ... oval:org.secpod.oval:def:1901500 Cross-site scripting vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. oval:org.secpod.oval:def:1901544 WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. oval:org.secpod.oval:def:1901859 WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this ha ... oval:org.secpod.oval:def:2000387 In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. oval:org.secpod.oval:def:127142 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:127147 Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora oval:org.secpod.oval:def:602631 Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, cross-site request forgery, path traversal, or bypass restrictions. oval:org.secpod.oval:def:10000585 Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published publi ... |