CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9061 – WordPress Core < 4.7.5 - Stored Cross-Site Scripting via filenames
https://notcve.org/view.php?id=CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. En WordPress anteriores a 4.7.5, existe una vulnerabilidad XSS (cross-site scripting) al intentar cargar archivos muy grandes, porque el mensaje de error no restringe adecuadamente la presentación del nombre de archivo. • http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8819 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9065 – WordPress Core < 4.7.5 - Authorization Bypass Allowing Post Meta Updates
https://notcve.org/view.php?id=CVE-2017-9065
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. En WordPress anteriores a 4.7.5, hay una falta de verificaciones de capacidad para el envío de metadatos en la API XML-RPC. • http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8817 • CWE-20: Improper Input Validation CWE-285: Improper Authorization •
CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 4CVE-2017-8295 – Wordpress Core < 5.5 - Unauthorized Password Reset via Interception
https://notcve.org/view.php?id=CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. WordPress hasta la versión 4.7.4 se basa en el encabezado HOST de HTTP para un mensaje de correo electrónico de restablecimiento de contraseña, lo que hace más fácil para los atacantes remotos restablecer contraseñas arbitrarias mediante una solicitud wp-login.php? • https://www.exploit-db.com/exploits/41963 https://github.com/cyberheartmi9/CVE-2017-8295 https://github.com/homjxi0e/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98295 http://www.securitytracker.com/id/1038403 https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html https://wpvulndb.com/vulnerabilities/8807 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 2CVE-2017-6814 – WordPress Core < 4.7.3 - Cross-Site Scripting via Media Metadata
https://notcve.org/view.php?id=CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. En WordPress en versiones anteriores a 4.7.3, hay XSS autenticada a través de Media File Metadata. Esto es demostrado tanto por (1) mal manejo de la playlist shortcode en la función wp_playlist_shortcode en wp-includes/media.php y (2) mal manejo de de meta información en la función renderTracks en wp-includes/js/mediaelement/wp-playlist.js. • http://openwall.com/lists/oss-security/2017/03/06/8 http://www.debian.org/security/2017/dsa-3815 http://www.securityfocus.com/bid/96601 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7 https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-re • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-6819 – WordPress Core < 4.7.3 - Cross-Site Request Forgery via Press This
https://notcve.org/view.php?id=CVE-2017-6819
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This. En WordPress en versiones anteriores a 4.7.3, hay CSRF en Press This (wp-admin/includes/class-wp-press-this.php), lo que conduce a un uso excesivo de recursos del servidor. El CSRF puede desencadenar una solicitud HTTP de salida para un archivo grande que luego se analiza mediante Press This. • http://openwall.com/lists/oss-security/2017/03/06/7 http://www.securityfocus.com/bid/96602 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829 https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8770 • CWE-352: Cross-Site Request Forgery (CSRF) •