CVSS: 8.6EPSS: 1%CPEs: 3EXPL: 0CVE-2017-9066 – WordPress Core < 4.7.5 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2017-9066
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. En WordPress anterior a versión 4.7.5, no hay suficiente validación de redireccionamiento en la clase de HTTP, lo que conlleva a una vulnerabilidad de tipo SSRF. • http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 https://twitter.com/skansing/status/865362551097393153 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8815 https://www.debian.org/security/2018/dsa-4090 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9064 – WordPress Core < 4.7.5 - Cross-Site Request Forgery Filesystem Credential Update
https://notcve.org/view.php?id=CVE-2017-9064
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. En WordPress antes de 4.7.5, existe una vulnerabilidad de Cross Site Request Forgery (CSRF) en el diálogo de credenciales del sistema de archivos porque no se requiere un nonce para actualizar las credenciales. • http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8818 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 4CVE-2017-8295 – Wordpress Core < 5.5 - Unauthorized Password Reset via Interception
https://notcve.org/view.php?id=CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. WordPress hasta la versión 4.7.4 se basa en el encabezado HOST de HTTP para un mensaje de correo electrónico de restablecimiento de contraseña, lo que hace más fácil para los atacantes remotos restablecer contraseñas arbitrarias mediante una solicitud wp-login.php? • https://www.exploit-db.com/exploits/41963 https://github.com/cyberheartmi9/CVE-2017-8295 https://github.com/homjxi0e/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98295 http://www.securitytracker.com/id/1038403 https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html https://wpvulndb.com/vulnerabilities/8807 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6816 – WordPress Core < 4.7.3 - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2017-6816
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. En WordPress en versiones anteriores a 4.7.3 (wp-admin/plugins.php), los archivos no deseados pueden ser eliminados por los administradores utilizando la funcionalidad del plugin deletion. • http://www.debian.org/security/2017/dsa-3815 http://www.securityfocus.com/bid/96598 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8767 • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6817 – WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds
https://notcve.org/view.php?id=CVE-2017-6817
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. En WordPress en versiones anteriores a 4.7.3 (wp-includes/embed.php), hay secuencias de comandos en sitios cruzados (XSS) autenticada en URLs incrustadas de YouTube . • http://www.debian.org/security/2017/dsa-3815 http://www.securityfocus.com/bid/96601 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8 https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8768 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •