- CVEs with nessus.description==According to its self-reported version number, the WordPress application running on the remote web server is 4.5.x prior to 4.5.3.
It is, therefore, affected by the following vulnerabilities :
- An unspecified flaw exists in the Customizer component that allows an unauthenticated, remote attacker to perform a redirect bypass.
- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input when handling attachment names. An unauthenticated, remote attacker can exploit these issues, via a specially crafted request, to execute arbitrary script code in a user's browser session.
- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to disclose revision history.
- An unspecified flaw exists in oEmbed that allows an unauthenticated, remote attacker to cause a denial of service condition.
- An unspecified flaw exists that allows an unauthenticated, remote attacker to remove categories from posts.
- An unspecified flaw exists that is triggered when handling stolen cookies. An unauthenticated, remote attacker can exploit this to change user passwords.
- Multiple unspecified flaws exist in the sanitize_file_name() function that allow an unauthenticated, remote attacker to have an unspecified impact.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |