Security Advisories · WordPress/wordpress-develop · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

WordPress: Authenticated disclosure of password-protected posts and pages
GHSA-pmmh-2f36-wvhq published Apr 15, 2021 by ehti

Moderate
WordPress: Authenticated XXE attack when installation is running PHP 8
GHSA-rv47-pc52-qrhh published Apr 15, 2021 by ehti

Moderate
WordPress: 'set-screen-option' filter misuse by plugins leading to privilege escalation
GHSA-4vpv-fgg2-gcqc published Jun 12, 2020 by ehti

Moderate
WordPress: Authenticated self-XSS via theme uploads
GHSA-87h4-phjv-rm6p published Jun 12, 2020 by ehti

Low
WordPress: Open redirect in wp_validate_redirect()
GHSA-q6pw-gvf4-5fj5 published Jun 12, 2020 by ehti

Low
WordPress: Authenticated XSS via media attachment page
GHSA-8q2w-5m27-wm27 published Jun 12, 2020 by ehti

Moderate
WordPress: Authenticated XSS through embed block
GHSA-rpwf-hrh2-39jf published Jun 12, 2020 by ehti

Moderate
Cross-site scripting (XSS) in Search block - WordPress
GHSA-vccm-6gmc-qhjh published Apr 30, 2020 by ehti

Low
WordPress: Cross-site scripting in stats method (object cache)
GHSA-568w-8m88-8g2c published Apr 30, 2020 by ehti

Moderate
WordPress: Unauthenticated disclosure of certain private posts
GHSA-xhx9-759f-6p2w published Apr 30, 2020 by ehti

Low