CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16510 – WordPress Core < 4.8.3 - SQL Injection due to Double Prepare approach
https://notcve.org/view.php?id=CVE-2017-16510
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. WordPress en versiones anteriores a la 4.8.3 se ve afectado por un problema en el que $wpdb->prepare() puede crear consultas inseguras e inesperadas que podrían provocar una inyección SQL (SQLi) en plugins y temas, tal y como se ve en el enfoque "double prepare". Esta es una vulnerabilidad diferente a CVE-2017-14723. • http://www.securityfocus.com/bid/101638 https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html https://codex.wordpress.org/Version_4.8.3 https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d https://lists.debian.org/debian-lts-announce/2017/11/msg00003.html https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release https://wpvulndb.com/vulnerabilities/8941 https://www.debian.org/security/2018/dsa-4090 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9263 – WordPress Core < 4.9.1 - Cross-domain Flash injection
https://notcve.org/view.php?id=CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. WordPress hasta la versión 4.8.2, cuando no se utiliza el sandboxing flashmediaelement.swf basado en dominios, permite que atacantes remotos realicen ataques de inyección de código Flash en dominios cruzados (XSF) usando código contenido en el archivo wp-includes/js/mediaelement/flashmediaelement.swf. WordPress through 4.9.1, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. • http://www.securityfocus.com/bid/101294 https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14721 – WordPress Core < 4.8.2 - Stored Cross-Site Scripting via Plugin Names
https://notcve.org/view.php?id=CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. Antes de la versión 4.8.2, WordPress permitía un ataque de Cross-Site Scripting (XSS) en el editor de plugins mediante un nombre de plugin modificado. • http://www.securityfocus.com/bid/100912 http://www.securitytracker.com/id/1039553 https://core.trac.wordpress.org/changeset/41412 https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release https://www.debian.org/security/2017/dsa-3997 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14725 – WordPress Core < 4.8.2 - Open Redirect in Admin Dashboard
https://notcve.org/view.php?id=CVE-2017-14725
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de redirección abierta en wp-admin/edit-tag-form.php y wp-admin/user-edit.php. • http://www.securityfocus.com/bid/100912 http://www.securitytracker.com/id/1039553 https://core.trac.wordpress.org/changeset/41398 https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8910 https://www.debian.org/security/2017/dsa-3997 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 202EXPL: 0CVE-2017-14719 – WordPress Core < 4.8.2 - Directory Traversal during unzip
https://notcve.org/view.php?id=CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de salto de directorio durante operaciones de descompresión en los componentes ZipArchive y PclZip. • http://www.securityfocus.com/bid/100912 http://www.securitytracker.com/id/1039553 https://core.trac.wordpress.org/changeset/41457 https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8911 https://www.debian.org/security/2017/dsa-3997 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •