National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): wordpress core
  • Search Type: Search Last 3 Months
  • Contains Software Flaws (CVE)
There are 6 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-10102

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

Published: April 16, 2018; 05:58:09 AM -04:00
(not available)
CVE-2018-10101

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

Published: April 16, 2018; 05:58:09 AM -04:00
(not available)
CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.

Published: April 16, 2018; 05:58:09 AM -04:00
(not available)
CVE-2014-6412

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Published: April 12, 2018; 05:29:00 PM -04:00
(not available)
CVE-2018-6944

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

Published: February 16, 2018; 09:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-6943

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

Published: February 16, 2018; 09:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM