Wordpress Wordpress-develop
17 CVEs affecting Wordpress Wordpress-develop. Latest disclosed: 2024-04-04. Critical: 0, High: 7.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-21662 | High | 8.0 | 2022-01-06 | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like autho… |
| CVE-2022-21661 | High | 8.0 | 2022-01-06 | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, ther… |
| CVE-2024-31210 | High | 7.7 | 2024-04-04 | WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administra… |
| CVE-2021-39202 | High | 7.6 | 2021-09-09 | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets edit… |
| CVE-2021-39201 | High | 7.6 | 2021-09-09 | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact: The issue allows an authen… |
| CVE-2022-21664 | High | 7.4 | 2022-01-06 | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of t… |
| CVE-2021-29447 | High | 7.1 | 2021-04-15 | WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE… |
| CVE-2021-39203 | Medium | 6.8 | 2021-09-09 | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated us… |
| CVE-2020-4047 | Medium | 6.8 | 2020-06-12 | In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pag… |
| CVE-2022-21663 | Medium | 6.6 | 2022-01-06 | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role ca… |
| CVE-2021-29450 | Medium | 6.5 | 2021-04-15 | WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requ… |
| CVE-2020-4048 | Medium | 5.7 | 2020-06-12 | In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to uninten… |
| CVE-2024-31211 | Medium | 5.5 | 2024-04-04 | WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()… |
| CVE-2020-4046 | Medium | 5.4 | 2020-06-12 | In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML… |
| CVE-2021-39200 | Medium | 5.3 | 2021-09-09 | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of t… |
| CVE-2020-4050 | Low | 3.5 | 2020-06-12 | In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an ad… |
| CVE-2020-4049 | Low | 2.4 | 2020-06-12 | In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-a… |