vulnerability

FreeBSD: VID-459DF1BA-051C-11EA-9673-4C72B94353B5: wordpress -- multiple issues

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	2019-10-14	2019-11-13	2025-02-19

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

2019-10-14

Added

2019-11-13

Modified

2025-02-19

Description

wordpress developers reports:

Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting)

could be added via the Customizer.

rops to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.

Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript

into style tags.

rops to David Newman for highlighting a method to poison the cache of JSON GET requests

via the Vary: Origin header.

Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs

are validated.

Props to Ben Bidner of the WordPress Security Team who discovered issues related to

referrer validation in the admin.

Solution(s)

freebsd-upgrade-package-de-wordpressfreebsd-upgrade-package-fr-wordpressfreebsd-upgrade-package-ja-wordpressfreebsd-upgrade-package-ru-wordpressfreebsd-upgrade-package-wordpressfreebsd-upgrade-package-zh_cn-wordpressfreebsd-upgrade-package-zh_tw-wordpress

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today