Security Advisories · WordPress/wordpress-develop · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Remote Code Execution in `WP_HTML_Token`
GHSA-m257-q4m5-j653 published Apr 3, 2024 by peterwilsoncc

Moderate
PHP file upload bypass via Plugin installer
GHSA-x79f-xrjv-jx5r published Apr 3, 2024 by peterwilsoncc

High
WordPress: SQL injection due to improper sanitization in WP_Meta_Query
GHSA-jp3p-gw8h-6x86 published Jan 6, 2022 by ehti

Moderate
WordPress: Authenticated Object Injection in Multisites
GHSA-jmmq-m8p8-332h published Jan 6, 2022 by ehti

Low
WordPress: Stored XSS through authenticated users
GHSA-699q-3hj9-889w published Jan 6, 2022 by ehti

Moderate
WordPress: SQL Injection through WP_Query
GHSA-6676-cqfm-gw84 published Jan 6, 2022 by ehti

High
WordPress 5.8 beta: Private data disclosure/privilege escalation through the block editor
GHSA-qxvw-qxm9-qvg6 published Sep 9, 2021 by ehti

Moderate
Authenticated cross-site scripting (XSS) in WordPress editor
GHSA-wh69-25hr-h94v published Sep 9, 2021 by ehti

Moderate
WordPress: Information Disclosure in wp_die() via JSONP, leading to CSRF
GHSA-m9hc-7v5q-x8q5 published Sep 9, 2021 by ehti

Moderate
WordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget editor
GHSA-fr6h-3855-j297 published Sep 9, 2021 by ehti

Low