Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.3 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Wordpress Wordpress 4.7.5
Wordpress Wordpress 4.8
Wordpress Wordpress 4.7.3
Wordpress Wordpress 4.7.4
Wordpress Wordpress 4.7
Wordpress Wordpress 4.8.1
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
383
VMScore
CVE-2017-6819
In WordPress prior to 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
Wordpress Wordpress
1 Github repository
383
VMScore
CVE-2017-6818
In WordPress prior to 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
Wordpress Wordpress
446
VMScore
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
490
VMScore
CVE-2017-6816
In WordPress prior to 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
316
VMScore
CVE-2017-6814
In WordPress prior to 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
14 Github repositories
316
VMScore
CVE-2017-6817
In WordPress prior to 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
15 Github repositories
517
VMScore
CVE-2017-6815
In WordPress prior to 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started