Web application abuses : WordPress Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.112639

Kategorie: Web application abuses

Titel: WordPress Multiple Vulnerabilities - September19 (Windows)

Zusammenfassung: WordPress is prone to multiple vulnerabilities.

Beschreibung: Summary:
WordPress is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- a cross-site scripting (XSS) vulnerability found in post previews by contributors and a cross-site scripting vulnerability in stored comments

- an issue where validation and sanitization of a URL could lead to an open redirect

- reflected cross-site scripting during media uploads

- a vulnerability for cross-site scripting (XSS) in shortcode previews

- a case where reflected cross-site scripting could be found in the dashboard

- an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.

Affected Software/OS:
WordPress 5.2.x before 5.2.3, 5.1.x before 5.1.2, 5.0.x before 5.0.6, 4.9.x before 4.9.11, 4.8.x before 4.8.10,
4.7.x before 4.7.14, 4.6.x before 4.6.15, 4.5.x before 4.5.18, 4.4.x before 4.4.19, 4.3.x before 4.3.20, 4.2.x before 4.2.24, 4.1.x before 4.1.27,
4.0.x before 4.0.27, 3.9.x before 3.9.28, 3.8.x before 3.8.30 and all previous versions before 3.7.30.

Solution:
Update to 5.2.3, 5.1.2, 5.0.6, 4.9.11, 4.8.10, 4.7.14, 4.6.15, 4.5.18, 4.4.19, 4.3.20, 4.2.24,
4.1.27, 4.0.27, 3.9.28, 3.8.30 or 3.7.30 respectively.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-16217
Common Vulnerability Exposure (CVE) ID: CVE-2019-16218
Common Vulnerability Exposure (CVE) ID: CVE-2019-16219
Common Vulnerability Exposure (CVE) ID: CVE-2019-16220
Common Vulnerability Exposure (CVE) ID: CVE-2019-16221
Common Vulnerability Exposure (CVE) ID: CVE-2019-16222
Common Vulnerability Exposure (CVE) ID: CVE-2019-16223

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.112639
Kategorie:	Web application abuses
Titel:	WordPress Multiple Vulnerabilities - September19 (Windows)
Zusammenfassung:	WordPress is prone to multiple vulnerabilities.
Beschreibung:	Summary: WordPress is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - a cross-site scripting (XSS) vulnerability found in post previews by contributors and a cross-site scripting vulnerability in stored comments - an issue where validation and sanitization of a URL could lead to an open redirect - reflected cross-site scripting during media uploads - a vulnerability for cross-site scripting (XSS) in shortcode previews - a case where reflected cross-site scripting could be found in the dashboard - an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks. Affected Software/OS: WordPress 5.2.x before 5.2.3, 5.1.x before 5.1.2, 5.0.x before 5.0.6, 4.9.x before 4.9.11, 4.8.x before 4.8.10, 4.7.x before 4.7.14, 4.6.x before 4.6.15, 4.5.x before 4.5.18, 4.4.x before 4.4.19, 4.3.x before 4.3.20, 4.2.x before 4.2.24, 4.1.x before 4.1.27, 4.0.x before 4.0.27, 3.9.x before 3.9.28, 3.8.x before 3.8.30 and all previous versions before 3.7.30. Solution: Update to 5.2.3, 5.1.2, 5.0.6, 4.9.11, 4.8.10, 4.7.14, 4.6.15, 4.5.18, 4.4.19, 4.3.20, 4.2.24, 4.1.27, 4.0.27, 3.9.28, 3.8.30 or 3.7.30 respectively. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-16217 Common Vulnerability Exposure (CVE) ID: CVE-2019-16218 Common Vulnerability Exposure (CVE) ID: CVE-2019-16219 Common Vulnerability Exposure (CVE) ID: CVE-2019-16220 Common Vulnerability Exposure (CVE) ID: CVE-2019-16221 Common Vulnerability Exposure (CVE) ID: CVE-2019-16222 Common Vulnerability Exposure (CVE) ID: CVE-2019-16223
Copyright	Copyright (C) 2019 Greenbone Networks GmbH