vulnerability
FreeBSD: VID-459df1ba-051c-11ea-9673-4c72b94353b5: wordpress -- multiple issues
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Nov 12, 2019 | Nov 13, 2019 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Nov 12, 2019
Added
Nov 13, 2019
Modified
Dec 10, 2025
Description
wordpress developers reports: Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. rops to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags. rops to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header. Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated. Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
Solutions
freebsd-upgrade-package-wordpressfreebsd-upgrade-package-fr-wordpressfreebsd-upgrade-package-de-wordpressfreebsd-upgrade-package-zh_cn-wordpressfreebsd-upgrade-package-zh_tw-wordpressfreebsd-upgrade-package-ja-wordpressfreebsd-upgrade-package-ru-wordpress
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.