CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2017-6514 – WordPress Core < 4.7.2 - Path Disclosure
https://notcve.org/view.php?id=CVE-2017-6514
01 Jan 2017 — WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring. WordPress 4.7.2 maneja de manera inapropiada los listados de los autores de las publicaciones, esto permite a los atacantes remotos obtener información confidencial (Path Disclosure) mediante un /wp-json/oembed/1.0/embed?url= request, relacionada con la subcadena "author_name": ". • http://www.securityfocus.com/bid/108459 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6707 – WordPress Core - Informational - All known Versions - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
20 Jun 2012 — WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress wi... • https://core.trac.wordpress.org/ticket/21022 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •