WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities. Versions prior to 6.3.2 are vulnerable.
2747a0842119425378a1378f7692a4eca0ef390a27497cfbb5b9ecd9e53c5e9f
An arbitrary file deletion vulnerability in the WordPress core allows any user with privileges of an Author to completely take over the WordPress site and to execute arbitrary code on the server.
450966fcdaaef9283f89a86c7c9de92034c4bd56d35ca9d964c2be9545cd30ea
WordPress Core version 5.6.2 appears to suffer from an xpath injection vulnerability via the log parameter.
a09643f53bbe40a0895f24e822cdf7d8d6272510d96b3443e6ac504dcecae219
WordPress Core versions 6.2 and below suffer from cross site request forgery, persistent cross site scripting, shortcode execution, insufficient sanitization, and directory traversal vulnerabilities.
3d8efef1ea0dad889c40870748373ac31bd5e9a184eceac6a8668dafb5fdcb38
The WordPress Core version 6.0.2 release addresses cross site scripting and remote SQL injection vulnerabilities.
0294b797dfc8902604de84c76092b7f611cd98068035d347145eca92a5a38499
WordPress Core versions 5.9.0 through 5.9.1 suffer from a persistent cross site scripting vulnerability.
4297c153bf0045065c8a04b47e2b1b207b98f68ddc673a4bdd06ce6fb46debc6
WordPress Core version 5.8.2 suffers from a remote SQL injection vulnerability.
290da5cda0c4555d189721910ddbcdad3d2627d4297306b55fc39785acd1346a
WordPress core versions 5.2.2 and below suffer from a cross site scripting vulnerability.
c9c85f985108f8e92174599c2942f9ba153160f4208d223bcbd889a4eda01b3d
WordPress Core suffers from a load-scripts.php denial of service vulnerability.
90ddb66c987de35f176ec117059c00459eaf78cbd14c3774555863f298085f05