In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create files on the server, disclose private information, create open redirects, poison cache, and bypass authorization access and input sanitation.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :

 - Two cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.

 - A remote, authenticated, unprivileged user can make a post sticky via the REST API.

 - wp_kses_bad_protcol() has been hardened to ensure that it is aware of the named colon attribute.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

WordPress versions 5.3.0 and earlier are affected by the following vulnerabilities:

  - Two cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input.
    An unauthenticated, remote attacker can exploit these, by convincing a user to click a specially crafted     URL, to execute arbitrary script code in a user's browser session. 

  - A remote, authenticated, unprivileged user can make a post sticky via the REST API.

  - wp_kses_bad_protcol() has been hardened to ensure that it is aware of the named colon attribute.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
136373	Debian DSA-4677-1 : wordpress - security update	Nessus	Debian Local Security Checks	critical
132736	Debian DSA-4599-1 : wordpress - security update	Nessus	Debian Local Security Checks	critical
98885	WordPress 5.3.x < 5.3.1 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98799	WordPress 5.2.x < 5.2.5 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98798	WordPress 5.1.x < 5.1.4 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98797	WordPress 5.0.x < 5.0.8 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98796	WordPress 4.9.x < 4.9.13 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98795	WordPress 4.8.x < 4.8.12 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98794	WordPress 4.7.x < 4.7.16 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98793	WordPress 4.6.x < 4.6.17 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98792	WordPress 4.5.x < 4.5.20 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98791	WordPress 4.4.x < 4.4.21 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98790	WordPress 4.3.x < 4.3.22 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98789	WordPress 4.2.x < 4.2.26 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98788	WordPress 4.1.x < 4.1.29 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98787	WordPress 4.0.x < 4.0.29 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98786	WordPress 3.9.x < 3.9.30 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98785	WordPress 3.8.x < 3.8.32 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98784	WordPress 3.7.x < 3.7.32 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
132099	WordPress < 5.3.1	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2019-20042

medium

Tenable Plugins

critical

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium