Page 4 of 201 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. WordPress versiones anteriores a 5.5.2, maneja inapropiadamente las inserciones de sitios deshabilitados en una red multisitio, como es demostrado al permitir una inserción de spam • https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release https://www. • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. WordPress versiones anteriores a 5.5.2, permite a atacantes conseguir privilegios por medio de XML-RPC • https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release https://www. • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. El archivo wp-includes/class-wp-xmlrpc-server.php en WordPress versiones anteriores a 5.5.2, permite a atacantes conseguir privilegios mediante el uso de XML-RPC para comentar una publicación • https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32 https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •

CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0

is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. La función is_protected_meta en el archivo wp-includes/meta.php en WordPress versiones anteriores a 5.5.2, permite la eliminación arbitraria de archivos porque no determina apropiadamente si una clave meta es considerada protegida • https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org • CWE-285: Improper Authorization •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. WordPress versiones anteriores a 5.5.2, permite ataques de tipo CSRF que cambian la imagen de fondo del tema • https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org&# • CWE-352: Cross-Site Request Forgery (CSRF) •