CVE-2019-16219 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting9 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

4.7%

top 10.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Debian Linux

Timeline

PublishedSep 11

Latest updateMay 24

Description

WordPress before 5.2.3 allows XSS in shortcode previews.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 5.2.3+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress< 5.2.3

▶Debianwordpress/wordpress< 5.2.3+dfsg1-1+3

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-hqq8-34fg-q5jj: WordPress before 5↗2022-05-24

▶

OSV

CVE-2019-16219: WordPress before 5↗2019-09-11

▶

📋Vendor Advisories

Debian

CVE-2019-16219: wordpress - WordPress before 5.2.3 allows XSS in shortcode previews.↗2019

▶

🕵️Threat Intelligence

Fortinet

WordPress (Core) Stored XSS Vulnerability: An Analysis | FortiGuard Labs↗2019-09-12

▶

💬Community

HackerOne

Version problem in wordpress leads to the many vulnearability↗2020-01-10

▶

Bugzilla

CVE-2019-16219 wordpress: XSS in shortcode previews [epel-6]↗2019-11-25

▶

Bugzilla

CVE-2019-16219 wordpress: XSS in shortcode previews↗2019-11-25

▶

Bugzilla

CVE-2019-16219 wordpress: XSS in shortcode previews [epel-7]↗2019-11-25

▶