WordPress - HackerOne Reports
Total Reports: 82
Critical: 4
High: 18
Medium: 31
Low: 19
Stored XSS on Wordpress 5.3 via Title Post
Reported by: muhammaddaffa | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
antispambot does not always escape <, >, &, " and '
Reported by: flimm | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Clickjacking irclogs.wordpress.org
Reported by: sameull | Disclosed:
Weakness: UI Redressing (Clickjacking)
Add users to groups who have restricted group invites
Reported by: yuvraj_dighe | Disclosed:
High
Weakness: Improper Access Control - Generic
Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth
Reported by: skansing | Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
CSRF on comment post
Reported by: lamscun | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment
Reported by: simonscannell | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
[mercantile.wordpress.org] Reflected XSS
Reported by: zeeshank | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CSRF in Profile Fields allows deleting any field in BuddyPress
Reported by: hoangkien1020 | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Self-XSS in WordPress Editor Link Modal
Reported by: anas2024 | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce
Reported by: simonscannell | Disclosed:
High
Weakness: Business Logic Errors
Potential unprivileged Stored XSS through wp_targeted_link_rel
Reported by: simonscannell | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Lack of Sanitization and Insufficient Authentication
Reported by: rahulpratap | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Administrator(s) Information disclosure via JSON on wordpress.org
Reported by: 596a96cc7bf9108cd896f33c4 | Disclosed:
Medium
Weakness: Information Disclosure
Multiple stored XSS in WordPress
Reported by: opnsec | Disclosed:
Weakness: Cross-site Scripting (XSS) - Stored
XSS in the search bar of mercantile.wordpress.org
Reported by: codertom | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
wp-embed XSS on Safari
Reported by: zoczus | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
WordPress Automatic Update Protocol Does Not Authenticate Updates Provided by the Server
Reported by: paragonie-scott | Disclosed:
High
Weakness: Cryptographic Issues - Generic
xss - reflected
Reported by: arunthelegion | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Authenticated XXE
Reported by: sonarsource | Disclosed:
Medium
Weakness: XML External Entities (XXE)