WordPress Core Vulnerability List
Found 5 vulnerabilities related to WordPress Core
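CVE-2022-21661: WordPress Core 5.8.2 - 'WP_Query' SQL Injection Information Disclosure POC
This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class. The issue results from the lack of proper validation of a user-supplied string before it is used to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.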
CVE-2019-8943: WordPress Core 5.0.0 - Crop-image Shell Upload POC
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
CVE-2023-2745: WordPress Core <=6.2 - Directory Traversal POC
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter.
CVE-2023-5561: WordPress Core - Post Author Email Disclosure POC
WordPress Core is vulnerable to Sensitive Information Exposure in versions between 4.7.0 and 6.3.1 via the User REST endpoint. While the search results do not display user email addresses unless the requesting user has the 'list_users' capability, the search is applied to the user_email column.
CVE-2024-4439: WordPress Core <6.5.2 - Cross-Site Scripting POC
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name.