Blog

  • May 2020 Monthly Vulnerability Roundup

    WordPress Plugin Vulnerabilities: Multi Scheduler <= 1.0.0 – Arbitrary Record Deletion via CSRF; MapPress Maps < 2.54.6 – Improper Capability Checks in AJAX Calls; bbPress < 2.6.5 – Authenticated Stored Cross-Site Scripting via the forums list table; bbPress 2.6-2.6.5 – Authenticated Privilege Escalation via the Super Moderator feature; bbPress < 2.6.5 – Unauthenticated Privilege Escalation when New User Registration…

  • April 2020 Monthly Vulnerability Roundup

    WordPress Core Vulnerabilities: WordPress < 5.4.1 – Stored Cross-Site Scripting (XSS) in Customizer; WordPress < 5.4.1 – Authenticated Cross-Site Scripting (XSS) in File Uploads; WordPress < 5.4.1 – Cross-Site Scripting (XSS) in wp-object-cache; WordPress < 5.4.1 – Authenticated Cross-Site Scripting (XSS) in Search Block; WordPress < 5.4.1 – Authenticated Cross-Site Scripting (XSS) in Customizer; WordPress < 5.4.1 – Unauthenticated Users…

  • CVSS Risk Scores and More

    Since we launched our WordPress vulnerability database in 2014, we have been lacking one important factor, vulnerability risk scores. This was partly due to not being able to decide on which risk scoring system to use, not having the time to implement the system, and not having the time to assign risk scores to new vulnerabilities, if…