Debian Wordpress vulnerabilities

360 known vulnerabilities affecting debian/wordpress.

Total CVEs: 360
CISA KEV: 0
Public exploits: 67
Exploited in wild: 3
Severity breakdown: CRITICAL 21, HIGH 56, MEDIUM 201, LOW 82

Vulnerabilities

Page 1 of 18
CVE-2026-3906 | LOW | CVSS 4.3 | fixed in wordpress 6.9.4+dfsg1-1 (forky) | 2026
CVE-2026-3906 [MEDIUM]: wordpress - WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API `create_item_permissions_check()` method in the comments controller did not verify that the authenticate
debian
CVE-2025-58674 | MEDIUM | CVSS 5.9 | fixed in wordpress 6.1.9+dfsg1-0+deb12u1 (bookworm) | 2025
CVE-2025-58674 [MEDIUM]: wordpress - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is a low-severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector. This issue affects WordPress:
debian
CVE-2025-58246 | MEDIUM | CVSS 4.3 | fixed in wordpress 6.1.9+dfsg1-0+deb12u1 (bookworm) | 2025
CVE-2025-58246 [MEDIUM]: wordpress - Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges are required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from
debian
CVE-2025-54352 | LOW | CVSS 3.7 | 2025
CVE-2025-54352 [LOW]: wordpress - WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2024-31210 | HIGH | CVSS 7.6 | fixed in wordpress 6.1.6+dfsg1-0+deb12u1 (bookworm) | 2024
CVE-2024-31210 [HIGH]: wordpress - WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the
debian
CVE-2024-4439 | HIGH | CVSS 7.2 | PoC | fixed in wordpress 6.1.9+dfsg1-0+deb12u1 (bookworm) | 2024
CVE-2024-4439 [HIGH]: wordpress - WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses
debian
CVE-2024-31111 | MEDIUM | CVSS 6.5 | fixed in wordpress 6.1.9+dfsg1-0+deb12u1 (bookworm) | 2024
CVE-2024-31111 [MEDIUM]: wordpress - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9. Scope: local bookw
debian
CVE-2024-6307 | MEDIUM | CVSS 6.4 | fixed in wordpress 6.1.9+dfsg1-0+deb12u1 (bookworm) | 2024
CVE-2024-6307 [MEDIUM]: wordpress - WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an inject
debian
CVE-2024-31211 | LOW | CVSS 5.5 | fixed in wordpress 6.4.2+dfsg1-1 (forky) | 2024
CVE-2024-31211 [MEDIUM]: wordpress - WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved (fixed in 6.4.2+d
debian
CVE-2024-32111 | LOW | CVSS 5.0 | 2024
CVE-2024-32111 [MEDIUM]: wordpress - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5
debian
CVE-2023-5561 | MEDIUM | CVSS 5.3 | PoC | fixed in wordpress 6.1.6+dfsg1-0+deb12u1 (bookworm) | 2023
CVE-2023-5561 [MEDIUM]: wordpress - WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack. Scope: local. bookworm: resolved (fixed in 6.1.6+dfsg1-0+deb12u1); bullseye: resolved (fixed in 5.7.11+dfsg1-0+deb11u1); for
debian
CVE-2023-39999 | MEDIUM | CVSS 4.3 | fixed in wordpress 6.1.6+dfsg1-0+deb12u1 (bookworm) | 2023
CVE-2023-39999 [MEDIUM]: wordpress - Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18,
debian
CVE-2023-38000 | MEDIUM | CVSS 6.5 | fixed in wordpress 6.1.6+dfsg1-0+deb12u1 (bookworm) | 2023
CVE-2023-38000 [MEDIUM]: wordpress - Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions. Scope: local. bookworm: resolved (fixed in 6.1.6+dfsg1-0+deb12u1); bullseye: resolved; forky: resolved (fixed in 6.3.2+dfsg1-
debian
CVE-2023-2745 | MEDIUM | CVSS 5.4 | PoC | fixed in wordpress 6.1.6+dfsg1-0+deb12u1 (bookworm) | 2023
CVE-2023-2745 [MEDIUM]: wordpress - WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the 'wp_lang' parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Si
debian
CVE-2023-5692 | MEDIUM | CVSS 5.3 | fixed in wordpress 6.5+dfsg1-1 (forky) | 2023
CVE-2023-5692 [MEDIUM]: wordpress - WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'. Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 6.5+df
debian
CVE-2023-22622 | LOW | CVSS 5.3 | 2023
CVE-2023-22622 [MEDIUM]: wordpress - WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts
debian
CVE-2022-21662 | HIGH | CVSS 8.0 | Exploited | fixed in wordpress 5.8.3+dfsg1-1 (bookworm) | 2022
CVE-2022-21662 [HIGH]: wordpress - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed
debian
CVE-2022-21661 | HIGH | CVSS 8.0 | PoC | fixed in wordpress 5.8.3+dfsg1-1 (bookworm) | 2022
CVE-2022-21661 [HIGH]: wordpress - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security re
debian
CVE-2022-21664 | HIGH | CVSS 7.4 | fixed in wordpress 5.8.3+dfsg1-1 (bookworm) | 2022
CVE-2022-21664 [HIGH]: wordpress - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.3
debian
CVE-2022-21663 | MEDIUM | CVSS 6.6 | fixed in wordpress 5.8.3+dfsg1-1 (bookworm) | 2022
CVE-2022-21663 [MEDIUM]: wordpress - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that
debian
Debian Wordpress vulnerabilities | cvebase