Page 11 of 121 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. WordPress versiones anteriores a 5.2.4, es vulnerable al envenenamiento de la memoria caché de peticiones JSON GET porque ciertas peticiones carecen de un encabezado Vary: Origin. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46478 https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9911 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. WordPress versiones anteriores a 5.2.4, presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) porque las rutas (paths) de Windows son manejadas inapropiadamente durante cierta comprobación de las URL relativas. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46472 https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2 https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00010.html https://wordpress.org/news/2019/10/wordpress-5-2-4-security-r • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. En WordPress versiones anteriores a 5.2.3, la comprobación y el saneamiento de una URL en la función wp_validate_redirect en el archivo wp-includes/pluggable.php podría conllevar a un redireccionamiento abierto. In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. • https://core.trac.wordpress.org/changeset/45971 https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28 https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9863 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. WordPress versiones anteriores a 5.2.3, permite un ataque de tipo XSS en cargas multimedia porque wp_ajax_upload_attachment es manejado inapropiadamente. • https://core.trac.wordpress.org/changeset/45936 https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 2

WordPress before 5.2.3 allows XSS in post previews by authenticated users. WordPress versiones anteriores a 5.2.3, permite un ataque de tipo XSS en las vistas previas de publicaciones por parte de usuarios autenticados. WordPress core versions 5.2.2 and below suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/49338 http://packetstormsecurity.com/files/160745/WordPress-Core-5.2.2-Cross-Site-Scripting.html https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9862 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •