| Max CVSS | 5.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-16220 | 5.8 |
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.
|
21-08-2024 - 16:15 | 11-09-2019 - 14:15 | |
| CVE-2019-16221 | 4.3 |
WordPress before 5.2.3 allows reflected XSS in the dashboard.
|
31-01-2023 - 19:34 | 11-09-2019 - 14:15 | |
| CVE-2019-16218 | 4.3 |
WordPress before 5.2.3 allows XSS in stored comments.
|
31-01-2023 - 19:34 | 11-09-2019 - 14:15 | |
| CVE-2019-16219 | 4.3 |
WordPress before 5.2.3 allows XSS in shortcode previews.
|
31-01-2023 - 19:34 | 11-09-2019 - 14:15 | |
| CVE-2019-16217 | 4.3 |
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
|
31-01-2023 - 19:34 | 11-09-2019 - 14:15 | |
| CVE-2019-16222 | 4.3 |
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
|
31-01-2023 - 19:34 | 11-09-2019 - 14:15 | |
| CVE-2019-16223 | 3.5 |
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
|
07-10-2022 - 01:50 | 11-09-2019 - 14:15 |