NotCVE - vendor:"Automattic" product:"WordPress"

5 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2024-31111 – WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-31111

24 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9. WordPress Core is vulnerable to Stored Cross-Site Scripting via the Template Part Block in various versions up to 6.5.5 due to insufficient input sanitization and out... • https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0

CVE-2024-32111 – WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability

https://notcve.org/view.php?id=CVE-2024-32111

24 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through ... • https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-5-5-contributor-arbitrary-html-file-read-windows-only-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-50879 – WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-50879

26 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en Automattic WordPress.Com Editing Toolkit permite XSS almacenado. Este problema afecta al WordPress.Com Editing Toolkit: desde n/a hasta 3.78784. The ... • https://patchstack.com/database/vulnerability/full-site-editing/wordpress-wordpress-com-editing-toolkit-plugin-3-78784-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 1%CPEs: 3EXPL: 4

CVE-2015-3429 – Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html

https://notcve.org/view.php?id=CVE-2015-3429

08 Apr 2015 — Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. Vulnerabilidad de XSS en example.html en Genericons anterior a 3.3.1, utilizado en WordPress anterior a 4.2.2, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un identificador de fragmentos. The security update for wordpress in DSA 3328 contained a regres... • https://packetstorm.news/files/id/131802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3

CVE-2011-4673 – WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection

https://notcve.org/view.php?id=CVE-2011-4673

02 Dec 2011 — SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en modules/sharedaddy.php en el complemento Jetpack para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • https://www.exploit-db.com/exploits/18126 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •