WP Exploits

November 1, 2020

CVE-2020-28039: is_protected_meta in wp-includes/meta.ph…

https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
https://wpscan.com/vulnerability/10452
https://www.debian.org/security/2020/dsa-4784

CVE-2020-28040: WordPress before 5.5.2 allows CSRF attac…

https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
https://www.debian.org/security/2020/dsa-4784

CVE-2020-28037: is_blog_installed in wp-includes/functio…

https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
https://wpscan.com/vulnerability/10450
https://www.debian.org/security/2020/dsa-4784

CVE-2020-28036: wp-includes/class-wp-xmlrpc-server.php i…

https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
https://wpscan.com/vulnerability/10449
https://www.debian.org/security/2020/dsa-4784

CVE-2020-28032: WordPress before 5.5.2 mishandles deseri…

https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
https://wpscan.com/vulnerability/10446
https://www.debian.org/security/2020/dsa-4784

CVE-2020-28038: WordPress before 5.5.2 allows stored XSS…

WordPress before 5.5.2 allows stored XSS via post slugs.

CVE-2020-28035: WordPress before 5.5.2 allows attackers …

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.

CVE-2020-28034: WordPress before 5.5.2 allows XSS associ…

WordPress before 5.5.2 allows XSS associated with global variables.

CVE-2020-28033: WordPress before 5.5.2 mishandles embeds…

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.

September 12, 2020

CVE-2020-25286: In wp-includes/comment-template.php in W…

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if…
