CVSS: 5.3EPSS: 87%CPEs: 1EXPL: 8CVE-2017-5487 – WordPress Core < 4.7.1 - Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php en la implementación REST API en WordPress 4.7 en versiones anteriores a 4.7.1 no restringe adecuadamente los listados de autores de publicación, lo que permite a atacantes remotos obtener información sensible a través de una petición wp-json/wp/v2/users. • https://www.exploit-db.com/exploits/41497 https://github.com/patilkr/wp-CVE-2017-5487-exploit https://github.com/K3ysTr0K3R/CVE-2017-5487-EXPLOIT https://github.com/GeunSam2/CVE-2017-5487 https://github.com/Jhonsonwannaa/CVE-2017-5487 https://github.com/SeasonLeague/CVE-2017-5487 https://github.com/zkhalidul/GrabberWP-CVE-2017-5487 https://github.com/Ravindu-Priyankara/CVE-2017-5487-vulnerability-on-NSBM http://www.openwall.com/lists/oss-security/2017/01/14/6 http://www • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5493 – WordPress Core < 4.7.1 - Weak Multi-Site Activation Key for User and Site Signup
https://notcve.org/view.php?id=CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. wp-includes/ms-functions.php en la API Multisite WordPress en WordPress en versiones anteriores a 4.7.1 no elige adecuadamente los números aleatorios para claves, lo que hace que más fácil para atacantes remotos eludir las restricciones destinadas al acceso a través de una inscripción del (1) sitio o (2) usuario manipulado. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/14/6 http://www.securityfocus.com/bid/95401 http://www.securitytracker.com/id/1037591 https://codex.wordpress.org/Version_4.7.1 https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8721 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5491 – WordPress Core < 4.7.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2017-5491
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. wp-mail.php en WordPress en versiones anteriores a 4.7.1 podría permitir a atacantes remotos eludir las restricciones de publicación previstas a través de un servidor de correo falsificado con el nombre mail.example.com. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/14/6 http://www.securityfocus.com/bid/95406 http://www.securitytracker.com/id/1037591 https://codex.wordpress.org/Version_4.7.1 https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8719 • CWE-285: Improper Authorization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5492 – WordPress Core < 4.7.1 - Cross-Site Request Forgery via Widget Editing
https://notcve.org/view.php?id=CVE-2017-5492
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. Vulnerabilidad de CSRF en la funcionalidad de modo de accesibilidad de edición de widget en WordPress en versiones anteriores a 4.7.1 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas para solicitudes que realizan una acción de acceso a widgets, relacionado con wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/14/6 http://www.securityfocus.com/bid/95407 http://www.securitytracker.com/id/1037591 https://codex.wordpress.org/Version_4.7.1 https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733 https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8720 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 9CVE-2016-10045 – PHPMailer Sendmail Argument Injection
https://notcve.org/view.php?id=CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando de correo y consecuentemente ejecutar código arbitrario aprovechando una interacción inapropiada entre la función escapeshellarg y un escape interno realizado en la función mail en PHP. NOTA: esta vulnerabilidad existe debido a una incorrecta reparación de CVE-2016-10033. • https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 http://openwall.com/lists/oss-security/2016/12/28/1 http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html http://seclists.org/fulldisclosure/2016/Dec/81 http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection http://www.securityfocus& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •