| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-17674 | 3.5 |
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
|
03-02-2023 - 21:54 | 17-10-2019 - 13:15 | |
| CVE-2019-17675 | 6.8 |
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
|
03-02-2023 - 21:54 | 17-10-2019 - 13:15 | |
| CVE-2019-17672 | 4.3 |
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
|
03-02-2023 - 21:54 | 17-10-2019 - 13:15 | |
| CVE-2019-17671 | 5.0 |
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
|
03-02-2023 - 21:54 | 17-10-2019 - 13:15 | |
| CVE-2019-17669 | 7.5 |
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
|
03-02-2023 - 21:50 | 17-10-2019 - 13:15 | |
| CVE-2019-17670 | 7.5 |
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
|
07-11-2022 - 19:12 | 17-10-2019 - 13:15 | |
| CVE-2019-17673 | 5.0 |
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
|
31-03-2022 - 17:51 | 17-10-2019 - 13:15 |