Wordpress: >> Wordpress >> 4.7.21 Security Vulnerabilities
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
CVSS Score
6.5
EPSS Score
0.939
Published
2019-02-20
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
CVSS Score
6.5
EPSS Score
0.052
Published
2018-12-14
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.
CVSS Score
9.8
EPSS Score
0.46
Published
2018-12-14
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
CVSS Score
5.4
EPSS Score
0.033
Published
2018-12-14
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
CVSS Score
6.1
EPSS Score
0.05
Published
2018-12-14
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
CVSS Score
7.5
EPSS Score
0.051
Published
2018-12-14
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
CVSS Score
6.5
EPSS Score
0.105
Published
2018-12-14
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
CVSS Score
5.4
EPSS Score
0.043
Published
2018-12-14
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVSS Score
8.8
EPSS Score
0.012
Published
2018-11-16
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.
CVSS Score
8.8
EPSS Score
0.278
Published
2018-09-06