CVSS Base Vector:
WordPress is prone to multiple vulnerabilities.
The following vulnerabilities exist:
- a cross-site scripting (XSS) vulnerability found in post previews by contributors and a cross-site scripting vulnerability in stored comments
- an issue where validation and sanitization of a URL could lead to an open redirect
- reflected cross-site scripting during media uploads
- a vulnerability for cross-site scripting (XSS) in shortcode previews
- a case where reflected cross-site scripting could be found in the dashboard
- an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
WordPress 5.2.x before 5.2.3, 5.1.x before 5.1.2, 5.0.x before 5.0.6, 4.9.x before 4.9.11, 4.8.x before 4.8.10, 4.7.x before 4.7.14, 4.6.x before 4.6.15, 4.5.x before 4.5.18, 4.4.x before 4.4.19, 4.3.x before 4.3.20, 4.2.x before 4.2.24, 4.1.x before 4.1.27, 4.0.x before 4.0.27, 3.9.x before 3.9.28, 3.8.x before 3.8.30 and all previous versions before 3.7.30.
Checks if a vulnerable version is present on the target host.
Update to 5.2.3, 5.1.2, 5.0.6, 4.9.11, 4.8.10, 4.7.14, 4.6.15, 4.5.18, 4.4.19, 4.3.20, 4.2.24, 4.1.27, 4.0.27, 3.9.28, 3.8.30 or 3.7.30 respectively.
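The per-branch version check described above can be reproduced against an inventory of installed versions. The following is an added example, not the scanner's own code; the function names are hypothetical, and ignoring pre-release suffixes and treating branches newer than 5.2 as unaffected are assumptions based only on the list on this page.

```python
import re

# Fixed patch level per branch, copied from the affected-version list above.
FIXED = {
    (5, 2): 3, (5, 1): 2, (5, 0): 6, (4, 9): 11, (4, 8): 10,
    (4, 7): 14, (4, 6): 15, (4, 5): 18, (4, 4): 19, (4, 3): 20,
    (4, 2): 24, (4, 1): 27, (4, 0): 27, (3, 9): 28, (3, 8): 30,
    (3, 7): 30,
}
OLDEST_BRANCH = min(FIXED)  # (3, 7)
NEWEST_BRANCH = max(FIXED)  # (5, 2)


def parse_version(text):
    """Return (major, minor, patch) from a WordPress version string.

    WordPress omits a zero patch level ("5.2" means 5.2.0). A suffix such
    as "-RC1" is ignored here, which is an assumption of this example.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a WordPress version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def check(version):
    """Return (vulnerable, update_target) for one installed version."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch > NEWEST_BRANCH:
        return False, None        # branch not listed as affected on this page
    if branch < OLDEST_BRANCH:
        return True, "3.7.30"     # "all previous versions before 3.7.30"
    fixed_patch = FIXED.get(branch)
    if fixed_patch is None:
        raise ValueError(f"unknown WordPress branch: {major}.{minor}")
    if patch < fixed_patch:
        return True, f"{major}.{minor}.{fixed_patch}"
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not real scan data.
    for v in ["5.2.2", "5.2", "4.9.11", "3.5.1", "5.3"]:
        print(v, check(v))
```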