Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-4047 | 3.5 | In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privilege | 27-02-2023 - 18:20 | 12-06-2020 - 16:15 | |
CVE-2020-4048 | 4.9 | In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the | 27-02-2023 - 18:20 | 12-06-2020 - 16:15 | |
CVE-2020-4050 | 6.0 | In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged b | 27-02-2023 - 18:20 | 12-06-2020 - 16:15 | |
CVE-2019-17670 | 7.5 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | 07-11-2022 - 19:12 | 17-10-2019 - 13:15 | |
CVE-2020-4049 | 3.5 | In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severit | 23-12-2020 - 18:51 | 12-06-2020 - 16:15 | |