Published: 12/03/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

In WordPress prior to 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #857026 wordpress: 473 security release Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Tue, 7 Mar 2017 10:33:02 UTC Severity: grave Tags: security, upstream Found in version wordpress/472 Fixed ...

Several vulnerabilities were discovered in wordpress, a web blogging tool They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms For the stable distribution (jessie), these problems have been fixed in version 41+dfsg-1+deb8u13 For the upcoming stable (stretc ...

It has been discovered that unintended files can be deleted by administrators in WordPress before 473 (wp-admin/pluginsphp) using the plugin deletion functionality ...

CWE-863 https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 https://codex.wordpress.org/Version_4.7.3 http://www.securityfocus.com/bid/96598 https://wpvulndb.com/vulnerabilities/8767 http://www.securitytracker.com/id/1037959 http://www.debian.org/security/2017/dsa-3815 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026 https://www.debian.org/security/./dsa-3815

CVE-2017-6816

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect