Version problem in WordPress leads to many vulnerabilities

Disclosed: 2020-01-10 17:07:41 By bobby6102000 To nordsecurity
Low
Vulnerability Details
## Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/9230
Reference: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
Reference: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
Reference: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787

## Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
Reference: https://wpvulndb.com/vulnerabilities/9867
Reference: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
Reference: https://hackerone.com/reports/339483
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222

## Title: WordPress 5.0-5.2.2 - Authenticated Stored XSS in Shortcode Previews
Reference: https://wpvulndb.com/vulnerabilities/9864
Reference: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
Reference: https://fortiguard.com/zeroday/FG-VD-18-165
Reference: https://www.fortinet.com/blog/threat-research/wordpress-core-stored-xss-vulnerability.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16219

## Title: WordPress <= 5.2.3 - Stored XSS in Customizer
Reference: https://wpvulndb.com/vulnerabilities/9908
Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674

## Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
Reference: https://wpvulndb.com/vulnerabilities/9909
Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
Reference: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
Reference: https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671

## Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
Reference: https://wpvulndb.com/vulnerabilities/9910
Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672

## Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
Reference: https://wpvulndb.com/vulnerabilities/9911
Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Reference: https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673

## Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
Reference: https://wpvulndb.com/vulnerabilities/9912
Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Reference: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670

## Title: WordPress <= 5.2.3 - Admin Referrer Validation
Reference: https://wpvulndb.com/vulnerabilities/9913
Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Reference: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675

These are plugin vulnerabilities in WordPress, and they are resolved in version 5.2.5 of WordPress.

## Impact
There are many critical vulnerabilities in the WordPress plugin, and they can cause problems.
Report Stats
  • Report ID: 751876
  • State: Closed
  • Substate: resolved
  • Upvotes: 94