Vulmon
wordpress wordpress 4.7.2 vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress prior to 4.7.2 allows remote malicious users to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Oracle Data Integrator 11.1.1.9.0
Oracle Data Integrator 12.2.1.3.0
Oracle Data Integrator 12.2.1.4.0
2 Github repositories
9.8
CVSSv3
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
3 EDB exploits
89 Github repositories
8.8
CVSSv3
CVE-2017-5489
Cross-site request forgery (CSRF) vulnerability in WordPress prior to 4.7.1 allows remote malicious users to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
Wordpress Wordpress
8.8
CVSSv3
CVE-2017-5492
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress prior to 4.7.1 allows remote malicious users to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/in...
Wordpress Wordpress
2 Github repositories
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
7.5
CVSSv3
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Wordpress Wordpress 4.7.5
Wordpress Wordpress 4.8
Wordpress Wordpress 4.7.3
Wordpress Wordpress 4.7.4
Wordpress Wordpress 4.7
Wordpress Wordpress 4.8.1
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
7.5
CVSSv3
CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x prior to 4.7.2 does not require an integer identifier, which allows remote malicious users to modify arbitrary pages via a request for wp-json/wp/v...
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7
Wordpress Wordpress 4.7.2
1 Nmap script
3 Github repositories
7.5
CVSSv3
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress prior to 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote malicious users to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Wordpress Wordpress
6.1
CVSSv3
CVE-2023-0479
The Print Invoice & Delivery Notes for WooCommerce WordPress plugin prior to 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_sho...
Tychesoftwares Print Invoice & Delivery Notes For Woocommerce
6.1
CVSSv3
CVE-2017-5612
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress prior to 4.7.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted excerpt.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0