CVE-2017-9065

Published: 18/05/2017 Updated: 15/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In WordPress prior to 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

Vulnerable Product

wordpress wordpress

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #862053 wordpress: CVE-2017-8295 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debian.org> Date: Sun, 7 May 2017 19:57:02 UTC Severity: serious Tags: security, up ...

Debian Bug report logs - #862816 wordpress: Six security bugs in wordpress 4.7.4 and earlier Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Craig Small <csmall@debian.org> Date: Wed, 17 May 2017 11:57:06 UTC Severity: grave Tags: security, upstream Found in vers ...

Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u14. For the upcoming stable (stretch) ...

Github Repositories

Project 7 - WordPress Pentesting
Time spent: 12 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
Pentesting Report
WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Summary: Vulnerability types: XSS
Tested in version: 4.2
Fixed in version: 4.2.1
Exploit Database 3684