| Max CVSS | 6.8 | Min CVSS | 6.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-8942 | 6.5 |
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can exe
|
21-07-2021 - 11:39 | 20-02-2019 - 03:29 | |
| CVE-2019-9787 | 6.8 |
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elem
|
31-03-2019 - 22:29 | 14-03-2019 - 16:29 |