Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  >> Wordpress  >> 5.1.15  Security Vulnerabilities
CVE-2019-16222
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
CVSS Score
6.1
EPSS Score
0.024
Published
2019-09-11
CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
CVSS Score
5.4
EPSS Score
0.043
Published
2019-09-11
CVE-2019-16217
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
CVSS Score
6.1
EPSS Score
0.026
Published
2019-09-11
CVE-2019-16218
WordPress before 5.2.3 allows XSS in stored comments.
CVSS Score
6.1
EPSS Score
0.024
Published
2019-09-11
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews.
CVSS Score
6.1
EPSS Score
0.047
Published
2019-09-11
CVE-2019-16220
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.
CVSS Score
6.1
EPSS Score
0.008
Published
2019-09-11
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVSS Score
8.8
EPSS Score
0.021
Published
2018-11-16
CVE-2013-5918
Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-09-23
CVE-2012-2759
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
CVSS Score
4.3
EPSS Score
0.002
Published
2012-05-22
CVE-2012-2920
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-05-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved