vulnerability
FreeBSD: VID-459df1ba-051c-11ea-9673-4c72b94353b5: wordpress -- multiple issues
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Nov 12, 2019 | Nov 13, 2019 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Nov 12, 2019
Added
Nov 13, 2019
Modified
Dec 10, 2025
Description
wordpress developers reports: Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. rops to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags. rops to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header. Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated. Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
Solutions
freebsd-upgrade-package-wordpressfreebsd-upgrade-package-fr-wordpressfreebsd-upgrade-package-de-wordpressfreebsd-upgrade-package-zh_cn-wordpressfreebsd-upgrade-package-zh_tw-wordpressfreebsd-upgrade-package-ja-wordpressfreebsd-upgrade-package-ru-wordpress
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.