Search Results | AttackerKB

Show filters

Topics 472 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

472 Total Results

Displaying 111-120 of 472

Attacker Value

Unknown

CVE-2019-17670

Disclosure Date: October 17, 2019 (last updated November 27, 2024)

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-17669

Disclosure Date: October 17, 2019 (last updated November 27, 2024)

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-17674

Disclosure Date: October 17, 2019 (last updated November 27, 2024)

WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-17671

Disclosure Date: October 17, 2019 (last updated November 27, 2024)

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-17672

Disclosure Date: October 17, 2019 (last updated November 27, 2024)

WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-17675

Disclosure Date: October 17, 2019 (last updated November 27, 2024)

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-17673

Disclosure Date: October 17, 2019 (last updated November 27, 2024)

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-16218

Disclosure Date: September 11, 2019 (last updated November 27, 2024)

WordPress before 5.2.3 allows XSS in stored comments.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-16217

Disclosure Date: September 11, 2019 (last updated November 27, 2024)

WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-16221

Disclosure Date: September 11, 2019 (last updated November 27, 2024)

WordPress before 5.2.3 allows reflected XSS in the dashboard.

Attack Vector: Network Privileges: None User Interaction: Required

0