The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of WP

WordPress Core: Cross Site Scripting via Comments
An attacker can trigger a Cross Site Scripting via Comments of WordPress Core, in order to run JavaScript code in the context of the web site...
CERTFR-2019-AVI-100, CVE-2019-9787, DLA-1742-1, DSA-4677-1, VIGILANCE-VUL-28738
WordPress Core: directory traversal via wp_crop_image
An attacker can traverse directories via wp_crop_image() of WordPress Core, in order to create a file outside the service root path...
CVE-2019-8943, VIGILANCE-VUL-28561
WordPress Core: code execution via _wp_attached_file
An attacker can use a vulnerability via _wp_attached_file of WordPress Core, in order to run code...
CVE-2019-8942, DLA-1742-1, DSA-4401-1, VIGILANCE-VUL-28560
WordPress Core: multiple vulnerabilities
An attacker can use several vulnerabilities of WordPress Core...
CERTFR-2018-AVI-600, CVE-2018-20147, CVE-2018-20148, CVE-2018-20149, CVE-2018-20150, CVE-2018-20151, CVE-2018-20152, CVE-2018-20153, DLA-1673-1, DSA-4401-1, VIGILANCE-VUL-28023
WordPress Core: code execution via PHAR Thumbnail Upload
An attacker can use a vulnerability via PHAR Thumbnail Upload of WordPress Core, in order to run code...
CVE-2017-1000600, CVE-2018-1000773, VIGILANCE-VUL-27177
WordPress Core: denial of service via Media Upload File Deletion
An attacker can generate a fatal error via Media Upload File Deletion of WordPress Core, in order to trigger a denial of service...
CERTFR-2018-AVI-327, VIGILANCE-VUL-26644
WordPress Core: file deletion via Author Delete
An attacker can generate a fatal error via Author Delete of WordPress Core, in order to trigger a denial of service...
CVE-2018-12895, DLA-1452-1, DSA-4250-1, FEDORA-2018-623df1e98d, VIGILANCE-VUL-26554
WordPress: three vulnerabilities
An attacker can use several vulnerabilities of WordPress...
CERTFR-2018-AVI-167, CVE-2018-10100, CVE-2018-10101, CVE-2018-10102, DLA-1366-1, DSA-4193-1, VIGILANCE-VUL-25774
WordPress Core: denial of service via load-scripts.php
An attacker can generate an overload via load-scripts.php of WordPress Core, in order to trigger a denial of service...
CVE-2018-6389, VIGILANCE-VUL-25228
WordPress: Cross Site Scripting via MediaElement Flash Fallback
An attacker can trigger a Cross Site Scripting via MediaElement Flash Fallback of WordPress, in order to run JavaScript code in the context of the web site...
CERTFR-2018-AVI-034, VIGILANCE-VUL-25099
Our database contains other pages. You can request a free trial to read them.

Display information about WP: