Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2015-5731 | 6.8 | Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing b | 04-11-2017 - 01:29 | 09-11-2015 - 11:59 |
CVE-2015-5622 | 3.5 | Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to w | 04-11-2017 - 01:29 | 03-08-2015 - 14:59 |
CVE-2015-5734 | 4.3 | Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string. | 04-11-2017 - 01:29 | 09-11-2015 - 11:59 |
CVE-2015-5732 | 4.3 | Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title. | 04-11-2017 - 01:29 | 09-11-2015 - 11:59 |
CVE-2015-2213 | 7.5 | SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | 04-11-2017 - 01:29 | 09-11-2015 - 11:59 |
CVE-2015-5730 | 5.0 | The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the | 21-09-2017 - 01:29 | 09-11-2015 - 11:59 |