Published: 12/03/2017 Updated: 19/03/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 517

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

In WordPress prior to 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #857026 wordpress: 473 security release Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Tue, 7 Mar 2017 10:33:02 UTC Severity: grave Tags: security, upstream Found in version wordpress/472 Fixed ...

Several vulnerabilities were discovered in wordpress, a web blogging tool They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms For the stable distribution (jessie), these problems have been fixed in version 41+dfsg-1+deb8u13 For the upcoming stable (stretc ...

A vulnerability has been discovered in WordPress before 473 (wp-includes/pluggablephp) that certain control characters can trick redirect URL validation ...

CWE-20 https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e https://codex.wordpress.org/Version_4.7.3 http://www.securityfocus.com/bid/96600 https://wpvulndb.com/vulnerabilities/8766 http://www.securitytracker.com/id/1037959 http://www.debian.org/security/2017/dsa-3815 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026 https://www.debian.org/security/./dsa-3815

CVE-2017-6815

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect