CVE-2017-6819

Published: 12/03/2017 Updated: 19/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In WordPress prior to 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

Vulnerable Product

wordpress wordpress

Vendor Advisories

Debian Bug report logs - #857026 wordpress: 4.7.3 security release Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Craig Small <csmall@debian.org> Date: Tue, 7 Mar 2017 10:33:02 UTC Severity: grave Tags: security, upstream Found in version wordpress/4.7.2 Fixed ...
A cross-site request forgery (CSRF) vulnerability exists on the Press This page of WordPress. This issue can be used to create a Denial of Service (DoS) condition if an authenticated administrator visits a malicious URL ...

Github Repositories

Stored XSS in WordPress Core for embed youtube urls: created by adding crafted xss youtube embed url WPScan summary: Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Reference: wpvulndb.com/vulnerabilities/8768 Reference: wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ Reference: ht