Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

wordpress wordpress 4.7 vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv3
CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts...
Wordpress Wordpress 4.7.1Wordpress Wordpress 4.7.2Wordpress Wordpress 4.7
7.5
CVSSv3
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename....
Wordpress Wordpress 4.7.5Wordpress Wordpress 4.8Wordpress Wordpress 4.7.3Wordpress Wordpress 4.7.4Wordpress Wordpress 4.7Wordpress Wordpress 4.8.1Wordpress Wordpress 4.7.1Wordpress Wordpress 4.7.2
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components....
Wordpress Wordpress 4.7.1Wordpress Wordpress 4.7.2Wordpress Wordpress 4.6.6Wordpress Wordpress 4.6.5Wordpress Wordpress 4.6.4Wordpress Wordpress 4.5.7Wordpress Wordpress 4.5.6Wordpress Wordpress 4.5Wordpress Wordpress 4.4.9Wordpress Wordpress 4.4.11Wordpress Wordpress 4.4.10Wordpress Wordpress 4.3.5Wordpress Wordpress 4.3.4Wordpress Wordpress 4.3Wordpress Wordpress 4.2.9Wordpress Wordpress 4.2.16Wordpress Wordpress 4.2.15Wordpress Wordpress 4.2Wordpress Wordpress 4.1.9Wordpress Wordpress 4.1.2Wordpress Wordpress 4.1.19Wordpress Wordpress 4.1.11Wordpress Wordpress 4.1.10Wordpress Wordpress 4.0.5Wordpress Wordpress 4.0.4Wordpress Wordpress 4.0.15Wordpress Wordpress 4.0.14Wordpress Wordpress 3.9.8Wordpress Wordpress 3.9.7Wordpress Wordpress 3.9.19Wordpress Wordpress 3.9.18Wordpress Wordpress 3.9.11Wordpress Wordpress 3.9.10Wordpress Wordpress 3.9.1Wordpress Wordpress 3.8.4Wordpress Wordpress 3.8.3Wordpress Wordpress 3.8.17Wordpress Wordpress 3.8.16Wordpress Wordpress 3.8.1Wordpress Wordpress 3.8Wordpress Wordpress 4.7Wordpress Wordpress 4.8.1Wordpress Wordpress 4.6.7Wordpress Wordpress 4.5.9Wordpress Wordpress 4.5.8Wordpress Wordpress 4.5.10Wordpress Wordpress 4.5.1Wordpress Wordpress 4.4.4Wordpress Wordpress 4.4.3Wordpress Wordpress 4.4.2Wordpress Wordpress 4.3.7Wordpress Wordpress 4.3.6Wordpress Wordpress 4.3.10Wordpress Wordpress 4.3.1Wordpress Wordpress 4.2.4Wordpress Wordpress 4.2.3Wordpress Wordpress 4.2.2Wordpress Wordpress 4.2.10Wordpress Wordpress 4.2.1Wordpress Wordpress 4.1.4Wordpress Wordpress 4.1.3Wordpress Wordpress 4.1.13Wordpress Wordpress 4.1.12Wordpress Wordpress 4.0.7Wordpress Wordpress 4.0.6Wordpress Wordpress 4.0.17Wordpress Wordpress 4.0.16Wordpress Wordpress 4.0Wordpress Wordpress 3.9.9Wordpress Wordpress 3.9.20Wordpress Wordpress 3.9.2Wordpress Wordpress 3.9.13Wordpress Wordpress 3.9.12Wordpress Wordpress 3.8.6Wordpress Wordpress 3.8.5Wordpress Wordpress 3.8.19Wordpress Wordpress 4.7.5Wordpress Wordpress 4.8Wordpress Wordpress 4.6.1Wordpress Wordpress 4.6Wordpress Wordpress 4.5.3Wordpress Wordpress 4.5.2Wordpress Wordpress 4.4.6Wordpress Wordpress 4.4.5Wordpress Wordpress 4.3.9Wordpress Wordpress 4.3.8Wordpress Wordpress 4.3.12Wordpress Wordpress 4.3.11Wordpress Wordpress 4.2.6Wordpress Wordpress 4.2.5Wordpress Wordpress 4.2.12Wordpress Wordpress 4.2.11Wordpress Wordpress 4.1.6Wordpress Wordpress 4.1.5Wordpress Wordpress 4.1.16Wordpress Wordpress 4.1.15Wordpress Wordpress 4.1.14Wordpress Wordpress 4.0.9Wordpress Wordpress 4.0.8Wordpress Wordpress 4.0.19Wordpress Wordpress 4.0.18Wordpress Wordpress 4.0.10Wordpress Wordpress 4.0.1Wordpress Wordpress 3.9.4Wordpress Wordpress 3.9.3Wordpress Wordpress 3.9.15Wordpress Wordpress 3.9.14Wordpress Wordpress 3.8.8Wordpress Wordpress 3.8.7Wordpress Wordpress 3.8.20Wordpress Wordpress 3.8.2Wordpress Wordpress 3.8.13Wordpress Wordpress 3.8.12Wordpress Wordpress 3.7.6Wordpress Wordpress 3.7.5Wordpress Wordpress 3.7.19Wordpress Wordpress 3.7.18Wordpress Wordpress 3.7.11Wordpress Wordpress 3.7.10Wordpress Wordpress 3.4.2Wordpress Wordpress 3.4.1Wordpress Wordpress 3.2Wordpress Wordpress 3.1.4Wordpress Wordpress 3.0.4Wordpress Wordpress 3.0.3Wordpress Wordpress 3.8.18Wordpress Wordpress 3.8.11Wordpress Wordpress 3.8.10Wordpress Wordpress 3.7.4Wordpress Wordpress 3.7.3Wordpress Wordpress 3.7.17Wordpress Wordpress 3.7.16Wordpress Wordpress 3.7.1Wordpress Wordpress 3.7Wordpress Wordpress 3.6.1Wordpress Wordpress 3.4Wordpress Wordpress 3.3.3Wordpress Wordpress 3.1.3Wordpress Wordpress 3.1.2Wordpress Wordpress 3.0.1Wordpress Wordpress 3.0Wordpress Wordpress 3.0.2Wordpress Wordpress 3.7.9Wordpress Wordpress 3.7.22Wordpress Wordpress 3.7.21Wordpress Wordpress 3.7.15Wordpress Wordpress 3.7.14Wordpress Wordpress 3.6Wordpress Wordpress 3.5.2Wordpress Wordpress 3.3.2Wordpress Wordpress 3.3.1Wordpress Wordpress 3.1.1Wordpress Wordpress 3.1Wordpress Wordpress 4.7.3Wordpress Wordpress 4.7.4Wordpress Wordpress 4.6.3Wordpress Wordpress 4.6.2Wordpress Wordpress 4.5.5Wordpress Wordpress 4.5.4Wordpress Wordpress 4.4.8Wordpress Wordpress 4.4.7Wordpress Wordpress 4.4.1Wordpress Wordpress 4.4Wordpress Wordpress 4.3.3Wordpress Wordpress 4.3.2Wordpress Wordpress 4.2.8Wordpress Wordpress 4.2.7Wordpress Wordpress 4.2.14Wordpress Wordpress 4.2.13Wordpress Wordpress 4.1.8Wordpress Wordpress 4.1.7Wordpress Wordpress 4.1.18Wordpress Wordpress 4.1.17Wordpress Wordpress 4.1.1Wordpress Wordpress 4.1Wordpress Wordpress 4.0.3Wordpress Wordpress 4.0.2Wordpress Wordpress 4.0.13Wordpress Wordpress 4.0.12Wordpress Wordpress 4.0.11Wordpress Wordpress 3.9.6Wordpress Wordpress 3.9.5Wordpress Wordpress 3.9.17Wordpress Wordpress 3.9.16Wordpress Wordpress 3.9Wordpress Wordpress 3.8.9Wordpress Wordpress 3.8.22Wordpress Wordpress 3.8.21Wordpress Wordpress 3.8.15Wordpress Wordpress 3.8.14Wordpress Wordpress 3.7.8Wordpress Wordpress 3.7.7Wordpress Wordpress 3.7.20Wordpress Wordpress 3.7.2Wordpress Wordpress 3.7.13Wordpress Wordpress 3.7.12Wordpress Wordpress 3.5.1Wordpress Wordpress 3.5Wordpress Wordpress 3.3Wordpress Wordpress 3.2.1Wordpress Wordpress 3.0.6Wordpress Wordpress 3.0.5
5.3
CVSSv3
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request....
Wordpress Wordpress
NA
CVE-2013-2703
Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings....
Crunchify Facebook Members 5.0Crunchify Facebook Members 4.7Crunchify Facebook Members 4.6.1Crunchify Facebook Members 4.6Crunchify Facebook Members 4.5.3Crunchify Facebook MembersCrunchify Facebook Members 5.0.2Crunchify Facebook Members 5.0.3Crunchify Facebook Members 5.0.1
9.8
CVSSv3
CVE-2017-18571
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316....
Search Everything Project Search Everything
6.1
CVSSv3
CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...
Wordpress Wordpress
NA
CVE-2014-4552
Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter....
Spotlightyour Spotlightyour
8.8
CVSSv3
CVE-2017-5489
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload....
Wordpress Wordpress
5.3
CVSSv3
CVE-2017-5491
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name....
Wordpress Wordpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2023-21014CVE-2023-21052arbitrary CVE-2023-27579open redirectCVE-2023-21019
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook