The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of WP

WordPress Core: code execution via PHAR Thumbnail Upload
An attacker can use a vulnerability via PHAR Thumbnail Upload of WordPress Core, in order to run code...
CVE-2017-1000600, CVE-2018-1000773, VIGILANCE-VUL-27177
WordPress Core: denial of service via Media Upload File Deletion
An attacker can generate a fatal error via Media Upload File Deletion of WordPress Core, in order to trigger a denial of service...
CERTFR-2018-AVI-327, VIGILANCE-VUL-26644
WordPress Core: file deletion via Author Delete
An attacker can generate a fatal error via Author Delete of WordPress Core, in order to trigger a denial of service...
CVE-2018-12895, DLA-1452-1, DSA-4250-1, FEDORA-2018-623df1e98d, VIGILANCE-VUL-26554
WordPress: three vulnerabilities
An attacker can use several vulnerabilities of WordPress...
CERTFR-2018-AVI-167, CVE-2018-10100, CVE-2018-10101, CVE-2018-10102, DLA-1366-1, DSA-4193-1, VIGILANCE-VUL-25774
WordPress Core: denial of service via load-scripts.php
An attacker can generate an overload via load-scripts.php of WordPress Core, in order to trigger a denial of service...
CVE-2018-6389, VIGILANCE-VUL-25228
WordPress: Cross Site Scripting via MediaElement Flash Fallback
An attacker can trigger a Cross Site Scripting via MediaElement Flash Fallback of WordPress, in order to run JavaScript code in the context of the web site...
CERTFR-2018-AVI-034, VIGILANCE-VUL-25099
WordPress Core: four vulnerabilities
An attacker can use several vulnerabilities of WordPress Core...
CERTFR-2017-AVI-438, CVE-2017-17091, CVE-2017-17092, CVE-2017-17093, CVE-2017-17094, DLA-1216-1, DSA-4090-1, FEDORA-2017-15ce66d344, FEDORA-2017-994ff5ced8, VIGILANCE-VUL-24595
WordPress Core: SQL injection via wpdb-prepare
An attacker can use a SQL injection via wpdb-prepare of WordPress Core, in order to read or alter data...
CERTFR-2017-AVI-388, CVE-2017-16510, DLA-1160-1, DSA-4090-1, FEDORA-2017-6fd6877975, FEDORA-2017-9d0ff8d851, VIGILANCE-VUL-24278
WordPress Core: Cross Site Scripting via flashmediaelement.swf
An attacker can trigger a Cross Site Scripting via flashmediaelement.swf of WordPress Core, in order to run JavaScript code in the context of the web site...
CVE-2016-9263, DLA-1151-1, DLA-1151-2, VIGILANCE-VUL-24131
WordPress Core: privilege escalation via wp_signups.activation_key
An attacker can bypass restrictions via wp_signups.activation_key of WordPress, in order to escalate his privileges...
38474, CVE-2017-14990, DLA-1151-1, DLA-1151-2, DSA-3997-1, VIGILANCE-VUL-24012
Our database contains other pages. You can request a free trial to read them.

Display information about WP: