Page 20 of 335 results (0.005 seconds)

CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 4

CVE-2017-8295 – Wordpress Core < 5.5 - Unauthorized Password Reset via Interception

https://notcve.org/view.php?id=CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. WordPress hasta la versión 4.7.4 se basa en el encabezado HOST de HTTP para un mensaje de correo electrónico de restablecimiento de contraseña, lo que hace más fácil para los atacantes remotos restablecer contraseñas arbitrarias mediante una solicitud wp-login.php? • https://www.exploit-db.com/exploits/41963 https://github.com/cyberheartmi9/CVE-2017-8295 https://github.com/homjxi0e/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98295 http://www.securitytracker.com/id/1038403 https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html https://wpvulndb.com/vulnerabilities/8807 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-6816 – WordPress Core < 4.7.3 - Arbitrary File Deletion

https://notcve.org/view.php?id=CVE-2017-6816

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. En WordPress en versiones anteriores a 4.7.3 (wp-admin/plugins.php), los archivos no deseados pueden ser eliminados por los administradores utilizando la funcionalidad del plugin deletion. • http://www.debian.org/security/2017/dsa-3815 http://www.securityfocus.com/bid/96598 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8767 • CWE-863: Incorrect Authorization •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-6817 – WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds

https://notcve.org/view.php?id=CVE-2017-6817

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. En WordPress en versiones anteriores a 4.7.3 (wp-includes/embed.php), hay secuencias de comandos en sitios cruzados (XSS) autenticada en URLs incrustadas de YouTube . • http://www.debian.org/security/2017/dsa-3815 http://www.securityfocus.com/bid/96601 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8 https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8768 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2017-6819 – WordPress Core < 4.7.3 - Cross-Site Request Forgery via Press This

https://notcve.org/view.php?id=CVE-2017-6819

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This. En WordPress en versiones anteriores a 4.7.3, hay CSRF en Press This (wp-admin/includes/class-wp-press-this.php), lo que conduce a un uso excesivo de recursos del servidor. El CSRF puede desencadenar una solicitud HTTP de salida para un archivo grande que luego se analiza mediante Press This. • http://openwall.com/lists/oss-security/2017/03/06/7 http://www.securityfocus.com/bid/96602 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829 https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8770 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-6818 – WordPress Core < 4.7.3 - Cross-Site Scripting via Taxonomy names

https://notcve.org/view.php?id=CVE-2017-6818

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. En WordPress en versiones anteriores a 4.7.3 (wp-admin/js/tags-box.js), hay secuencias de comandos de sitios cruzados (XSS) a través de nombres de términos de taxonomía. • http://www.securityfocus.com/bid/96601 http://www.securitytracker.com/id/1037959 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9 https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •