CVE-2017-8295 – WordPress Core < 5.5 - Unauthorized Password Reset via Interception
https://notcve.org/view.php?id=CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.
References:
https://www.exploit-db.com/exploits/41963
https://github.com/cyberheartmi9/CVE-2017-8295
https://github.com/homjxi0e/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset
http://www.debian.org/security/2017/dsa-3870
http://www.securityfocus.com/bid/98295
http://www.securitytracker.com/id/1038403
https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
https://wpvulndb.com/vulnerabilities/8807
Weakness: CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CVE-2017-6816 – WordPress Core < 4.7.3 - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2017-6816
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
References:
http://www.debian.org/security/2017/dsa-3815
http://www.securityfocus.com/bid/96598
http://www.securitytracker.com/id/1037959
https://codex.wordpress.org/Version_4.7.3
https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release
https://wpvulndb.com/vulnerabilities/8767
Weakness: CWE-863: Incorrect Authorization
CVE-2017-6817 – WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds
https://notcve.org/view.php?id=CVE-2017-6817
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
References:
http://www.debian.org/security/2017/dsa-3815
http://www.securityfocus.com/bid/96601
http://www.securitytracker.com/id/1037959
https://codex.wordpress.org/Version_4.7.3
https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release
https://wpvulndb.com/vulnerabilities/8768
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6818 – WordPress Core < 4.7.3 - Cross-Site Scripting via Taxonomy names
https://notcve.org/view.php?id=CVE-2017-6818
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
References:
http://www.securityfocus.com/bid/96601
http://www.securitytracker.com/id/1037959
https://codex.wordpress.org/Version_4.7.3
https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release
https://wpvulndb.com/vulnerabilities/8769
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6814 – WordPress Core < 4.7.3 - Cross-Site Scripting via Media Metadata
https://notcve.org/view.php?id=CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
References:
http://openwall.com/lists/oss-security/2017/03/06/8
http://www.debian.org/security/2017/dsa-3815
http://www.securityfocus.com/bid/96601
http://www.securitytracker.com/id/1037959
https://codex.wordpress.org/Version_4.7.3
https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-re
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')