Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

wordpress wordpress 4.7.2 vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv3
CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts...
Wordpress Wordpress 4.7.1Wordpress Wordpress 4.7.2Wordpress Wordpress 4.7
5.3
CVSSv3
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring....
Wordpress Wordpress 4.7.2
7.5
CVSSv3
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename....
Wordpress Wordpress 4.7.5Wordpress Wordpress 4.8Wordpress Wordpress 4.7.3Wordpress Wordpress 4.7.4Wordpress Wordpress 4.7Wordpress Wordpress 4.8.1Wordpress Wordpress 4.7.1Wordpress Wordpress 4.7.2
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components....
Wordpress Wordpress 4.7.1Wordpress Wordpress 4.7.2Wordpress Wordpress 4.6.6Wordpress Wordpress 4.6.5Wordpress Wordpress 4.6.4Wordpress Wordpress 4.5.7Wordpress Wordpress 4.5.6Wordpress Wordpress 4.5Wordpress Wordpress 4.4.9Wordpress Wordpress 4.4.11Wordpress Wordpress 4.4.10Wordpress Wordpress 4.3.5Wordpress Wordpress 4.3.4Wordpress Wordpress 4.3Wordpress Wordpress 4.2.9Wordpress Wordpress 4.2.16Wordpress Wordpress 4.2.15Wordpress Wordpress 4.2Wordpress Wordpress 4.1.9Wordpress Wordpress 4.1.2Wordpress Wordpress 4.1.19Wordpress Wordpress 4.1.11Wordpress Wordpress 4.1.10Wordpress Wordpress 4.0.5Wordpress Wordpress 4.0.4Wordpress Wordpress 4.0.15Wordpress Wordpress 4.0.14Wordpress Wordpress 3.9.8Wordpress Wordpress 3.9.7Wordpress Wordpress 3.9.19Wordpress Wordpress 3.9.18Wordpress Wordpress 3.9.11Wordpress Wordpress 3.9.10Wordpress Wordpress 3.9.1Wordpress Wordpress 3.8.4Wordpress Wordpress 3.8.3Wordpress Wordpress 3.8.17Wordpress Wordpress 3.8.16Wordpress Wordpress 3.8.1Wordpress Wordpress 3.8Wordpress Wordpress 4.7Wordpress Wordpress 4.8.1Wordpress Wordpress 4.6.7Wordpress Wordpress 4.5.9Wordpress Wordpress 4.5.8Wordpress Wordpress 4.5.10Wordpress Wordpress 4.5.1Wordpress Wordpress 4.4.4Wordpress Wordpress 4.4.3Wordpress Wordpress 4.4.2Wordpress Wordpress 4.3.7Wordpress Wordpress 4.3.6Wordpress Wordpress 4.3.10Wordpress Wordpress 4.3.1Wordpress Wordpress 4.2.4Wordpress Wordpress 4.2.3Wordpress Wordpress 4.2.2Wordpress Wordpress 4.2.10Wordpress Wordpress 4.2.1Wordpress Wordpress 4.1.4Wordpress Wordpress 4.1.3Wordpress Wordpress 4.1.13Wordpress Wordpress 4.1.12Wordpress Wordpress 4.0.7Wordpress Wordpress 4.0.6Wordpress Wordpress 4.0.17Wordpress Wordpress 4.0.16Wordpress Wordpress 4.0Wordpress Wordpress 3.9.9Wordpress Wordpress 3.9.20Wordpress Wordpress 3.9.2Wordpress Wordpress 3.9.13Wordpress Wordpress 3.9.12Wordpress Wordpress 3.8.6Wordpress Wordpress 3.8.5Wordpress Wordpress 3.8.19Wordpress Wordpress 4.7.5Wordpress Wordpress 4.8Wordpress Wordpress 4.6.1Wordpress Wordpress 4.6Wordpress Wordpress 4.5.3Wordpress Wordpress 4.5.2Wordpress Wordpress 4.4.6Wordpress Wordpress 4.4.5Wordpress Wordpress 4.3.9Wordpress Wordpress 4.3.8Wordpress Wordpress 4.3.12Wordpress Wordpress 4.3.11Wordpress Wordpress 4.2.6Wordpress Wordpress 4.2.5Wordpress Wordpress 4.2.12Wordpress Wordpress 4.2.11Wordpress Wordpress 4.1.6Wordpress Wordpress 4.1.5Wordpress Wordpress 4.1.16Wordpress Wordpress 4.1.15Wordpress Wordpress 4.1.14Wordpress Wordpress 4.0.9Wordpress Wordpress 4.0.8Wordpress Wordpress 4.0.19Wordpress Wordpress 4.0.18Wordpress Wordpress 4.0.10Wordpress Wordpress 4.0.1Wordpress Wordpress 3.9.4Wordpress Wordpress 3.9.3Wordpress Wordpress 3.9.15Wordpress Wordpress 3.9.14Wordpress Wordpress 3.8.8Wordpress Wordpress 3.8.7Wordpress Wordpress 3.8.20Wordpress Wordpress 3.8.2Wordpress Wordpress 3.8.13Wordpress Wordpress 3.8.12Wordpress Wordpress 3.7.6Wordpress Wordpress 3.7.5Wordpress Wordpress 3.7.19Wordpress Wordpress 3.7.18Wordpress Wordpress 3.7.11Wordpress Wordpress 3.7.10Wordpress Wordpress 3.4.2Wordpress Wordpress 3.4.1Wordpress Wordpress 3.2Wordpress Wordpress 3.1.4Wordpress Wordpress 3.0.4Wordpress Wordpress 3.0.3Wordpress Wordpress 3.8.18Wordpress Wordpress 3.8.11Wordpress Wordpress 3.8.10Wordpress Wordpress 3.7.4Wordpress Wordpress 3.7.3Wordpress Wordpress 3.7.17Wordpress Wordpress 3.7.16Wordpress Wordpress 3.7.1Wordpress Wordpress 3.7Wordpress Wordpress 3.6.1Wordpress Wordpress 3.4Wordpress Wordpress 3.3.3Wordpress Wordpress 3.1.3Wordpress Wordpress 3.1.2Wordpress Wordpress 3.0.1Wordpress Wordpress 3.0Wordpress Wordpress 3.0.2Wordpress Wordpress 3.7.9Wordpress Wordpress 3.7.22Wordpress Wordpress 3.7.21Wordpress Wordpress 3.7.15Wordpress Wordpress 3.7.14Wordpress Wordpress 3.6Wordpress Wordpress 3.5.2Wordpress Wordpress 3.3.2Wordpress Wordpress 3.3.1Wordpress Wordpress 3.1.1Wordpress Wordpress 3.1Wordpress Wordpress 4.7.3Wordpress Wordpress 4.7.4Wordpress Wordpress 4.6.3Wordpress Wordpress 4.6.2Wordpress Wordpress 4.5.5Wordpress Wordpress 4.5.4Wordpress Wordpress 4.4.8Wordpress Wordpress 4.4.7Wordpress Wordpress 4.4.1Wordpress Wordpress 4.4Wordpress Wordpress 4.3.3Wordpress Wordpress 4.3.2Wordpress Wordpress 4.2.8Wordpress Wordpress 4.2.7Wordpress Wordpress 4.2.14Wordpress Wordpress 4.2.13Wordpress Wordpress 4.1.8Wordpress Wordpress 4.1.7Wordpress Wordpress 4.1.18Wordpress Wordpress 4.1.17Wordpress Wordpress 4.1.1Wordpress Wordpress 4.1Wordpress Wordpress 4.0.3Wordpress Wordpress 4.0.2Wordpress Wordpress 4.0.13Wordpress Wordpress 4.0.12Wordpress Wordpress 4.0.11Wordpress Wordpress 3.9.6Wordpress Wordpress 3.9.5Wordpress Wordpress 3.9.17Wordpress Wordpress 3.9.16Wordpress Wordpress 3.9Wordpress Wordpress 3.8.9Wordpress Wordpress 3.8.22Wordpress Wordpress 3.8.21Wordpress Wordpress 3.8.15Wordpress Wordpress 3.8.14Wordpress Wordpress 3.7.8Wordpress Wordpress 3.7.7Wordpress Wordpress 3.7.20Wordpress Wordpress 3.7.2Wordpress Wordpress 3.7.13Wordpress Wordpress 3.7.12Wordpress Wordpress 3.5.1Wordpress Wordpress 3.5Wordpress Wordpress 3.3Wordpress Wordpress 3.2.1Wordpress Wordpress 3.0.6Wordpress Wordpress 3.0.5
5.3
CVSSv3
CVE-2017-5610
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms....
Wordpress WordpressDebian Debian Linux 8.0Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-5612
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt....
Wordpress WordpressDebian Debian Linux 8.0Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name....
Wordpress WordpressDebian Debian Linux 8.0Debian Debian Linux 9.0Oracle Data Integrator 11.1.1.9.0Oracle Data Integrator 12.2.1.3.0Oracle Data Integrator 12.2.1.4.0
5.4
CVE-2022-3096
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack...
Wp Total Hacks Project Wp Total Hacks
5.4
CVSSv3
CVE-2017-6817
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds....
Wordpress WordpressDebian Debian Linux 8.0Debian Debian Linux 9.0
4.9
CVSSv3
CVE-2017-6816
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality....
Wordpress WordpressDebian Debian Linux 9.0Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionSSTICVE-2023-28846CVE-2022-47986cache poisoningCVE-2023-23397CVE-2023-28755CVE-2023-25040CVE-2023-1755
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook