CVE-2019-20041

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.

packagechannelchannel versionpkg versionstatus
wordpress
nixos-19.09
2020-03-30 14:35:33 UTC (856dbd)5.2.5vulnerable
2020-03-30 00:15:23 UTC (c7363c)5.2.5vulnerable
2020-03-29 21:00:19 UTC (1bf263)5.2.5vulnerable
2020-03-29 09:00:24 UTC (ace3bb)5.2.5vulnerable
2020-03-28 14:45:33 UTC (598a9c)5.2.5vulnerable
2020-03-28 03:55:23 UTC (64a3cc)5.2.5vulnerable
2020-03-27 20:40:23 UTC (3be8b4)5.2.5vulnerable
2020-03-26 19:25:25 UTC (ae4841)5.2.5vulnerable
2020-03-18 08:45:18 UTC (bf7c0f)5.2.5vulnerable
2020-03-17 13:35:40 UTC (107ffb)5.2.5vulnerable
2020-03-15 20:05:30 UTC (3b9b10)5.2.5vulnerable
2020-03-15 00:25:23 UTC (64565f)5.2.5vulnerable
2020-03-13 20:10:35 UTC (68d2f8)5.2.5vulnerable
2020-03-10 14:35:38 UTC (d7843c)5.2.5vulnerable
2020-03-10 09:05:35 UTC (8d3ff5)5.2.5vulnerable
2020-03-09 17:40:35 UTC (bcc922)5.2.5vulnerable
2020-03-09 05:10:32 UTC (92231f)5.2.5vulnerable
2020-03-07 17:25:40 UTC (a81842)5.2.5vulnerable
2020-03-07 13:05:39 UTC (71c6a1)5.2.5vulnerable
2020-03-07 05:15:36 UTC (815dd7)5.2.5vulnerable
2020-03-06 06:30:17 UTC (dca7ec)5.2.5vulnerable
2020-03-05 17:15:40 UTC (7d31bb)5.2.5vulnerable
2020-03-04 16:30:28 UTC (d1918b)5.2.5vulnerable
2020-03-04 06:30:30 UTC (00115f)5.2.5vulnerable
2020-03-03 09:25:37 UTC (84f47b)5.2.5vulnerable
2020-02-28 06:05:32 UTC (ce9f1a)5.2.5vulnerable
2020-02-27 04:15:28 UTC (d0b3ab)5.2.5vulnerable
2020-02-26 15:10:37 UTC (b7bbc6)5.2.5vulnerable
2020-02-26 06:25:24 UTC (d86524)5.2.5vulnerable
2020-02-25 14:00:18 UTC (57a495)5.2.5vulnerable
2020-02-25 00:20:42 UTC (790970)5.2.5vulnerable
2020-02-24 08:05:23 UTC (58a9ac)5.2.5vulnerable
2020-02-23 22:50:37 UTC (c5bb38)5.2.5vulnerable
2020-02-22 14:55:44 UTC (c2c5dc)5.2.5vulnerable
2020-02-22 12:10:38 UTC (85548f)5.2.5vulnerable
2020-02-16 03:30:32 UTC (8731aa)5.2.5vulnerable
2020-02-12 13:10:43 UTC (b9cb3b)5.2.5vulnerable
2020-02-08 01:50:33 UTC (c49da6)5.2.5vulnerable
2020-02-07 04:10:17 UTC (2de936)5.2.5vulnerable
2020-02-06 14:00:24 UTC (463477)5.2.5vulnerable
2020-02-03 10:30:42 UTC (ea553d)5.2.5vulnerable
2020-02-02 16:35:27 UTC (8b76b1)5.2.5vulnerable
2020-02-01 18:00:40 UTC (d3d2de)5.2.5vulnerable
2020-01-30 18:20:24 UTC (1dadef)5.2.5vulnerable
2020-01-29 17:30:32 UTC (6d9a4a)5.2.5vulnerable
2020-01-29 15:45:44 UTC (845b91)5.2.5vulnerable
2020-01-28 02:30:43 UTC (274e09)5.2.5vulnerable
2020-01-27 10:20:40 UTC (299fbc)5.2.5vulnerable
2020-01-25 19:10:37 UTC (57c35c)5.2.5vulnerable
2020-01-24 05:20:34 UTC (e6391b)5.2.5vulnerable
2020-01-23 06:05:40 UTC (a0fedb)5.2.5vulnerable
2020-01-22 16:55:36 UTC (0fe895)5.2.5vulnerable
2020-01-21 19:45:28 UTC (5d6da4)5.2.5vulnerable
2020-01-19 20:00:16 UTC (d14cea)5.2.5vulnerable
2020-01-19 09:45:32 UTC (5b9eee)5.2.5vulnerable
2020-01-18 15:30:40 UTC (d12655)5.2.5vulnerable
2020-01-18 04:55:18 UTC (63a356)5.2.5vulnerable
2020-01-17 22:20:19 UTC (692a8c)5.2.5vulnerable
2020-01-14 03:00:33 UTC (eb65d1)5.2.5vulnerable
2020-01-13 12:15:41 UTC (5dc4d0)5.2.5vulnerable
2020-01-12 10:05:28 UTC (f7d050)5.2.5vulnerable
2020-01-11 11:35:40 UTC (9f453e)5.2.5vulnerable
2020-01-10 04:30:25 UTC (caad1a)5.2.5vulnerable
2020-01-09 09:50:31 UTC (b047b7)5.2.5vulnerable
2020-01-09 04:40:19 UTC (db5273)5.2.5vulnerable
2020-01-08 20:15:31 UTC (ac2184)5.2.5vulnerable
2020-01-07 15:50:38 UTC (fd4ccd)5.2.5vulnerable
2020-01-07 07:55:44 UTC (d245ff)5.2.5vulnerable
2020-01-06 18:55:33 UTC (db3e83)5.2.5vulnerable
2020-01-06 01:40:27 UTC (b92650)5.2.5vulnerable
2020-01-05 08:35:31 UTC (a30706)5.2.5vulnerable
2020-01-04 22:40:26 UTC (54c9e1)5.2.5vulnerable
2020-01-04 10:10:27 UTC (2d9454)5.2.4vulnerable
2020-01-03 03:40:48 UTC (ad1e1a)5.2.4vulnerable
2019-12-30 03:40:30 UTC (eab4ee)5.2.4vulnerable
2019-12-29 08:05:29 UTC (0d9055)5.2.4vulnerable
2019-12-29 00:30:42 UTC (c5d556)5.2.4vulnerable
2019-12-15 19:50:25 UTC (d85e43)5.2.4vulnerable
2019-12-14 20:35:14 UTC (57b7b0)5.2.4vulnerable
2019-12-14 12:15:34 UTC (7351aa)5.2.4vulnerable
2019-12-11 01:15:24 UTC (45ea60)5.2.4vulnerable
2019-12-09 15:40:12 UTC (3a1861)5.2.4vulnerable
2019-12-09 12:37:41 UTC (808d3c)5.2.4vulnerable
2019-11-19 17:55:35 UTC (e18436)5.2.4vulnerable
2019-11-16 05:20:17 UTC (9104be)5.2.4vulnerable
2019-11-15 16:45:24 UTC (851d5b)5.2.4vulnerable
2019-11-15 13:45:26 UTC (259a67)5.2.4vulnerable
2019-11-15 12:50:35 UTC (133d83)5.2.4vulnerable
2019-11-13 13:55:19 UTC (cb2cda)5.2.4vulnerable
2019-11-13 12:55:17 UTC (e6a37e)5.2.4vulnerable
2019-11-12 12:50:19 UTC (ef8c34)5.2.4vulnerable
2019-11-12 06:50:36 UTC (d493b9)5.2.4vulnerable
2019-11-10 19:15:33 UTC (2d8969)5.2.4vulnerable
2019-11-10 08:05:38 UTC (a22b01)5.2.4vulnerable
2019-11-09 14:35:32 UTC (bae4d7)5.2.4vulnerable
2019-11-09 02:50:37 UTC (107e2b)5.2.4vulnerable
2019-11-08 22:50:25 UTC (d9a83d)5.2.4vulnerable
2019-11-08 07:25:13 UTC (d62852)5.2.4vulnerable
2019-11-07 13:45:22 UTC (821c7e)5.2.4vulnerable
2019-11-01 09:50:45 UTC (c5aabb)5.2.4vulnerable
2019-10-28 15:35:16 UTC (c75de8)5.2.4vulnerable
2019-10-26 10:13:44 UTC (27a5dd)5.2.4vulnerable
2019-10-22 23:35:42 UTC (f6dac8)5.2.3vulnerable
2019-10-21 19:35:14 UTC (80b42e)5.2.3vulnerable
2019-10-16 06:05:22 UTC (8bf142)5.2.3vulnerable
2019-10-15 04:50:38 UTC (5000b1)5.2.3vulnerable
2019-10-14 19:05:34 UTC (28d254)5.2.3vulnerable
2019-10-13 07:54:16 UTC (795280)5.2.3vulnerable
2019-10-13 01:22:00 UTC (222004)5.2.3vulnerable
2019-10-11 01:30:19 UTC (dbad7c)5.2.3vulnerable
2019-10-10 12:05:14 UTC (9bbad4)5.2.3vulnerable
2019-10-10 06:55:20 UTC (8d0dc8)5.2.3vulnerable
2019-10-09 16:35:37 UTC (88bbb3)5.2.3vulnerable
2019-10-09 10:50:43 UTC (2a5bfd)5.2.3vulnerable
2019-10-09 06:45:14 UTC (25757b)5.2.3vulnerable
2019-10-08 23:20:40 UTC (724dbd)5.2.3vulnerable
2019-10-04 06:35:23 UTC (3ba0d9)5.2.3vulnerable
2019-10-03 20:00:43 UTC (8e1ce3)5.2.3vulnerable
2019-10-03 07:35:19 UTC (77b5a1)5.2.3vulnerable
2019-10-01 18:20:36 UTC (6bce1a)5.2.3vulnerable
2019-09-30 04:25:35 UTC (7a3083)5.2.3vulnerable
2019-09-29 16:25:32 UTC (e3930f)5.2.3vulnerable
2019-09-29 07:05:42 UTC (548d0b)5.2.3vulnerable
2019-09-26 18:30:43 UTC (b30f86)5.2.3vulnerable
2019-09-26 15:30:21 UTC (78d056)5.2.3vulnerable
2019-09-25 15:10:23 UTC (e34ac9)5.2.3vulnerable
2019-09-25 14:40:22 UTC (9c0c76)5.2.3vulnerable
2019-09-25 10:55:48 UTC (404d1c)5.2.3vulnerable
2019-09-25 01:55:38 UTC (522048)5.2.3vulnerable
2019-09-22 18:35:37 UTC (88f32c)5.2.2vulnerable
2019-09-22 16:30:25 UTC (18670d)5.2.2vulnerable
2019-09-22 13:35:35 UTC (6f65c2)5.2.2vulnerable
2019-09-22 01:20:23 UTC (b66fb9)5.2.2vulnerable
2019-09-21 12:25:36 UTC (47d653)5.2.2vulnerable
2019-09-21 04:55:23 UTC (49f57e)5.2.2vulnerable
2019-09-20 21:30:42 UTC (6825f0)5.2.2vulnerable
2019-09-20 17:15:39 UTC (21be13)5.2.2vulnerable
2019-09-20 16:40:26 UTC (499d72)5.2.2vulnerable
2019-09-20 03:55:33 UTC (4fd551)5.2.2vulnerable
2019-09-16 22:45:39 UTC (e6b068)5.2.2vulnerable
nixos-unstable
2020-01-04 10:30:42 UTC (e0470e)5.2.4vulnerable
2019-12-27 17:25:29 UTC (b0bbac)5.2.4vulnerable
2019-12-24 14:15:43 UTC (a06925)5.2.4vulnerable
2019-12-23 15:10:32 UTC (eeaf1f)5.2.4vulnerable
2019-12-23 01:55:35 UTC (00915d)5.2.4vulnerable
2019-12-22 01:45:20 UTC (f5bb6c)5.2.4vulnerable
2019-12-18 17:15:45 UTC (d94268)5.2.4vulnerable
2019-12-18 02:35:23 UTC (352f03)5.2.4vulnerable
2019-12-17 09:50:29 UTC (863658)5.2.4vulnerable
2019-12-09 12:37:43 UTC (3140fa)5.2.4vulnerable
2019-11-19 17:55:36 UTC (e89b21)5.2.4vulnerable
2019-11-16 10:50:41 UTC (c19665)5.2.4vulnerable
2019-11-04 02:05:14 UTC (7827d3)5.2.4vulnerable
2019-11-01 05:45:36 UTC (471869)5.2.4vulnerable
2019-10-24 17:20:29 UTC (4cd2cb)5.2.4vulnerable
2019-10-21 20:05:44 UTC (f35f08)5.2.3vulnerable
2019-10-16 07:35:21 UTC (1c40ee)5.2.3vulnerable
2019-10-14 09:05:43 UTC (94500c)5.2.3vulnerable
2019-10-11 17:35:31 UTC (b94333)5.2.3vulnerable
2019-10-11 08:50:35 UTC (8b46dc)5.2.3vulnerable
2019-10-11 08:00:33 UTC (d8aae8)5.2.3vulnerable
2019-10-08 18:30:37 UTC (07d4df)5.2.3vulnerable
2019-09-27 01:00:32 UTC (2436c2)5.2.3vulnerable
2019-09-26 20:30:35 UTC (82fe35)5.2.3vulnerable
2019-09-25 12:40:33 UTC (f0fec2)5.2.2vulnerable
2019-09-21 04:25:32 UTC (d484f2)5.2.2vulnerable
2019-09-21 00:45:24 UTC (a7f002)5.2.2vulnerable
2019-09-20 11:00:29 UTC (262b32)5.2.2vulnerable
2019-09-09 15:15:20 UTC (e19054)5.2.2vulnerable
2019-09-06 18:20:43 UTC (4e6069)5.2.2vulnerable
2019-09-02 02:45:25 UTC (7d5375)5.2.2vulnerable
2019-08-29 18:00:48 UTC (8d1510)5.2.2vulnerable
2019-08-26 09:05:34 UTC (3f4144)5.2.2vulnerable
2019-08-26 04:55:46 UTC (4ca0df)5.2.2vulnerable
2019-08-25 19:30:27 UTC (af9f40)5.2.2vulnerable
2019-08-24 15:10:36 UTC (765a71)5.2.2vulnerable
2019-08-24 01:05:23 UTC (8f8422)5.2.2vulnerable
2019-08-23 05:45:50 UTC (dfc6d5)5.2.2vulnerable
2019-08-22 17:40:25 UTC (54c766)5.2.2vulnerable
2019-08-22 13:40:17 UTC (8b56d2)5.2.2vulnerable
2019-08-19 19:55:45 UTC (1412af)5.2.2vulnerable
2019-08-13 10:35:42 UTC (8746c7)5.2.2vulnerable
2019-08-13 00:30:27 UTC (984851)5.2.2vulnerable
2019-08-11 10:20:42 UTC (4557b9)5.2.2vulnerable
2019-08-10 22:25:37 UTC (387e69)5.2.2vulnerable
2019-08-10 19:40:45 UTC (732c16)5.2.2vulnerable
2019-08-10 11:15:23 UTC (62509f)5.2.2vulnerable
2019-08-09 11:05:33 UTC (52f3c2)5.2.2vulnerable
2019-08-08 22:20:43 UTC (63fa75)5.2.2vulnerable
2019-08-08 12:50:36 UTC (8febac)5.2.2vulnerable
2019-08-07 09:35:32 UTC (e275a6)5.2.2vulnerable
2019-08-06 23:15:38 UTC (ac95de)5.2.2vulnerable
2019-08-06 02:55:20 UTC (40e319)5.2.2vulnerable
2019-08-05 14:30:20 UTC (57d650)5.2.2vulnerable
2019-08-04 19:05:12 UTC (525eaf)5.2.2vulnerable
2019-08-04 10:30:20 UTC (4e8a8a)5.2.2vulnerable
2019-08-04 09:55:38 UTC (d834a4)5.2.2vulnerable
2019-08-04 09:20:28 UTC (c0a858)5.2.2vulnerable
2019-07-29 12:35:34 UTC (239fff)5.2.2vulnerable
2019-07-29 04:15:32 UTC (bf39fc)5.2.2vulnerable
2019-07-29 03:40:31 UTC (15564f)5.2.2vulnerable
2019-07-25 15:40:19 UTC (b5f5c9)5.2.2vulnerable
2019-07-23 20:20:33 UTC (c4fec1)5.2.2vulnerable
2019-07-23 11:55:19 UTC (3d84cf)5.2.2vulnerable
2019-07-22 18:45:22 UTC (62cb4f)5.2.2vulnerable
2019-07-18 10:45:22 UTC (362be9)5.2.2vulnerable
2019-07-12 05:15:25 UTC (1036dc)5.2.2vulnerable
2019-07-08 01:05:26 UTC (beff2f)5.2.2vulnerable
2019-07-07 13:50:29 UTC (aa2a7e)5.2.2vulnerable
2019-07-07 11:30:30 UTC (88c258)5.2.2vulnerable