Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  >> Wordpress  >> 4.8.21  Security Vulnerabilities
CVE-2021-44223
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
CVSS Score
8.1
EPSS Score
0.275
Published
2021-11-25
CVE-2021-29450
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
CVSS Score
6.5
EPSS Score
0.021
Published
2021-04-15
CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs.
CVSS Score
6.1
EPSS Score
0.16
Published
2020-11-02
CVE-2020-28039
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
CVSS Score
9.1
EPSS Score
0.06
Published
2020-11-02
CVE-2020-28040
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-11-02
CVE-2020-28032
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
CVSS Score
9.8
EPSS Score
0.258
Published
2020-11-02
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
CVSS Score
7.5
EPSS Score
0.013
Published
2020-11-02
CVE-2020-28034
WordPress before 5.5.2 allows XSS associated with global variables.
CVSS Score
6.1
EPSS Score
0.027
Published
2020-11-02
CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
CVSS Score
9.8
EPSS Score
0.049
Published
2020-11-02
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
CVSS Score
9.8
EPSS Score
0.042
Published
2020-11-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved