CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5489 – WordPress Core < 4.7.1 - Cross-Site Request Forgery via Uploading Flash File
https://notcve.org/view.php?id=CVE-2017-5489
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. Vulnerabilidad de CSRF en WordPress en versiones anteriores a 4.7.1 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores que implican una carga de archivo Flash. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/14/6 http://www.securityfocus.com/bid/95399 http://www.securitytracker.com/id/1037591 https://codex.wordpress.org/Version_4.7.1 https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8717 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 8CVE-2016-10045 – PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando de correo y consecuentemente ejecutar código arbitrario aprovechando una interacción inapropiada entre la función escapeshellarg y un escape interno realizado en la función mail en PHP. NOTA: esta vulnerabilidad existe debido a una incorrecta reparación de CVE-2016-10033. • https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 http://openwall.com/lists/oss-security/2016/12/28/1 http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html http://seclists.org/fulldisclosure/2016/Dec/81 http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection http://www.securityfocus& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 97%CPEs: 3EXPL: 24CVE-2016-10033 – WordPress Core 4.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobles) en una propiedad Sender manipulada. PHPMailer version 5.2.17 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/41962 https://www.exploit-db.com/exploits/42024 https://www.exploit-db.com/exploits/41996 https://www.exploit-db.com/exploits/40974 https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40970 https://www.exploit-db.com/exploits/40968 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 https://github.com/opsxcq/exploit-CVE-2016-10033 https://github.com/GeneralTesler/CVE- • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7169 – WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access
https://notcve.org/view.php?id=CVE-2016-7169
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. Vulnerabilidad de salto de directorio en la clase File_Upload_Upgrader en wp-admin/includes/class-file-upload-upgrader.php en el cargador del paquete de actualización en WordPress en versiones anteriores a 4.6.1 permite a usuarios remotos autenticados acceder a archivos arbitrarios a través de un parámetro urlholder manipulado. • http://www.debian.org/security/2016/dsa-3681 http://www.securityfocus.com/bid/92841 https://codex.wordpress.org/Version_4.6.1 https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8616 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7168 – WordPress Core < 4.6.1 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-7168
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. Vulnerabilidad de XSS en la función media_handle_upload en wp-admin/includes/media.php en WordPress en versiones anteriores a 4.6.1 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios engañando a un administrador para subir un archivo de imagen que tiene un nombre de archivo manipulado. • http://www.debian.org/security/2016/dsa-3681 http://www.openwall.com/lists/oss-security/2016/09/08/19 http://www.openwall.com/lists/oss-security/2016/09/08/24 http://www.securityfocus.com/bid/92841 https://codex.wordpress.org/Version_4.6.1 https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0 https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html https://wordpress.org/news/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •