Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress prior to 4.7.2 allows remote malicious users to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Oracle Data Integrator 11.1.1.9.0
Oracle Data Integrator 12.2.1.3.0
Oracle Data Integrator 12.2.1.4.0
2 Github repositories
6.1
CVSSv3
CVE-2017-5612
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress prior to 4.7.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted excerpt.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.3
CVSSv3
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 prior to 4.7.1 does not properly restrict listings of post authors, which allows remote malicious users to obtain sensitive information via a wp-json/wp/v2/users requ...
Wordpress Wordpress
1 EDB exploit
25 Github repositories
7.5
CVSSv3
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress prior to 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote malicious users to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Wordpress Wordpress
6.1
CVSSv3
CVE-2017-5488
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress prior to 4.7.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
Wordpress Wordpress
8.8
CVSSv3
CVE-2017-5489
Cross-site request forgery (CSRF) vulnerability in WordPress prior to 4.7.1 allows remote malicious users to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
Wordpress Wordpress
6.1
CVSSv3
CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress prior to 4.7.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includ...
Wordpress Wordpress
1 Github repository
5.3
CVSSv3
CVE-2017-5491
wp-mail.php in WordPress prior to 4.7.1 might allow remote malicious users to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.
Wordpress Wordpress
8.8
CVSSv3
CVE-2017-5492
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress prior to 4.7.1 allows remote malicious users to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/in...
Wordpress Wordpress
2 Github repositories
9.8
CVSSv3
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
3 EDB exploits
89 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2