Max CVSS 7.5 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-5731 6.8
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing b
04-11-2017 - 01:29 09-11-2015 - 11:59
CVE-2015-5734 4.3
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.
04-11-2017 - 01:29 09-11-2015 - 11:59
CVE-2015-5732 4.3
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.
04-11-2017 - 01:29 09-11-2015 - 11:59
CVE-2015-2213 7.5
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
04-11-2017 - 01:29 09-11-2015 - 11:59
CVE-2015-5733 4.3
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.
21-09-2017 - 01:29 09-11-2015 - 11:59
CVE-2015-5730 5.0
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the
21-09-2017 - 01:29 09-11-2015 - 11:59
Back to Top Mark selected
Back to Top