Published: 18/05/2017 Updated: 15/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In WordPress prior to 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.

Vendor Advisories

Debian Bug report logs - #862053 wordpress: CVE-2017-8295 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 7 May 2017 19:57:02 UTC Severity: serious Tags: security, up ...
Debian Bug report logs - #862816 wordpress: Six security bugs in wordpress 474 and earlier Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Wed, 17 May 2017 11:57:06 UTC Severity: grave Tags: security, upstream Found in vers ...
Several vulnerabilities were discovered in wordpress, a web blogging tool They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks For the stable distribution (jessie), these problems have been fixed in version 41+dfsg-1+deb8u14 For the upcoming stable (stretch) ...

Github Repositories

Project 7 - WordPress Pentesting Time spent: 12 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report WordPress <= 42 - Unauthenticated Stored Cross-Site Scripting (XSS) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 421 Exploit Database 3684