Filtered by vendor Automattic
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58674 | 2 Automattic, Wordpress | 2 Wordpress, Wordpress | 2025-09-25 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector. This issue affects WordPress: from n/a through 6.8.2. | ||||
| CVE-2025-58246 | 2 Automattic, Wordpress | 2 Wordpress, Wordpress | 2025-09-25 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Automattic WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from n/a through 6.8.2 | ||||
Page 1 of 1.