Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  >> Wordpress  >> 0.72  Security Vulnerabilities
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
CVSS Score
8.0
EPSS Score
0.906
Published
2022-01-06
CVE-2021-44223
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
CVSS Score
8.1
EPSS Score
0.387
Published
2021-11-25
CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs.
CVSS Score
6.1
EPSS Score
0.16
Published
2020-11-02
CVE-2020-28039
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
CVSS Score
9.1
EPSS Score
0.06
Published
2020-11-02
CVE-2020-28040
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-11-02
CVE-2020-28032
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
CVSS Score
9.8
EPSS Score
0.207
Published
2020-11-02
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
CVSS Score
7.5
EPSS Score
0.013
Published
2020-11-02
CVE-2020-28034
WordPress before 5.5.2 allows XSS associated with global variables.
CVSS Score
6.1
EPSS Score
0.027
Published
2020-11-02
CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
CVSS Score
9.8
EPSS Score
0.049
Published
2020-11-02
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
CVSS Score
9.8
EPSS Score
0.048
Published
2020-11-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved