CVE-2017-5612 – WordPress Core < 4.7.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-5612
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. Vulnerabilidad de XSS en wp-admin/includes/class-wp-posts-list-table.php en la tabla de lista de publicaciones en WordPress en versiones anteriores a 4.7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un extracto manipulado. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/28/5 http://www.securityfocus.com/bid/95816 http://www.securitytracker.com/id/1037731 https://codex.wordpress.org/Version_4.7.2 https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849 https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release https://wpvulndb.com/vulnerabilities/8731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1001000 – WordPress Core < 4.7.2 - Arbitrary Page Modification
https://notcve.org/view.php?id=CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI. La función register_routes en wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php en la API REST en WordPress 4.7.x en versiones anteriores a 4.7.2 no requiere un identificador de número entero, lo que permite a atacantes remotos modificar páginas arbitrarias a través de una solicitud para wp-json/wp/v2/posts seguida por un valor numérico y un valor no numérico, según lo demostrado mediante la URI wp-json/wp/v2/posts/123?id=123helloworld. • http://www.openwall.com/lists/oss-security/2017/02/10/16 http://www.securitytracker.com/id/1037731 https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html https://codex.wordpress.org/Version_4.7.2 https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7 https://make.wordpress.org/core/2017/02/01/disclosure-of • CWE-285: Improper Authorization •
CVE-2017-5611 – WordPress Core < 4.7.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. Vulnerabilidad de inyección SQL en wp-includes/class-wp-query.php en WP_Query en WordPress en versiones anteriores a 4.7.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios aprovechando la presencia de un plugin o tema afectado que no maneja correctamente un nombre de tipo de publicación manipulado. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/28/5 http://www.securityfocus.com/bid/95816 http://www.securitytracker.com/id/1037731 https://codex.wordpress.org/Version_4.7.2 https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release https://wpvulndb.com/vulnerabilities/8730 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-5610 – WordPress Core < 4.7.2 - Authorization Bypass to Term Disclosure
https://notcve.org/view.php?id=CVE-2017-5610
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. wp-admin/includes/class-wp-press-this.php en Press This en WordPress versiones anteriores a 4.7.2 no restringe adecuadamente la visibilidad de una interfaz de usuario de asignación de taxonomía, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso leyendo términos. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/28/5 http://www.securityfocus.com/bid/95816 http://www.securitytracker.com/id/1037731 https://codex.wordpress.org/Version_4.7.2 https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454 https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release https://wpvulndb.com/vulnerabilities/8729 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVE-2017-5487 – WordPress Core < 4.7.1 - Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php en la implementación REST API en WordPress 4.7 en versiones anteriores a 4.7.1 no restringe adecuadamente los listados de autores de publicación, lo que permite a atacantes remotos obtener información sensible a través de una petición wp-json/wp/v2/users. • https://www.exploit-db.com/exploits/41497 https://github.com/patilkr/wp-CVE-2017-5487-exploit https://github.com/K3ysTr0K3R/CVE-2017-5487-EXPLOIT https://github.com/GeunSam2/CVE-2017-5487 https://github.com/Jhonsonwannaa/CVE-2017-5487 https://github.com/SeasonLeague/CVE-2017-5487 https://github.com/zkhalidul/GrabberWP-CVE-2017-5487 https://github.com/Ravindu-Priyankara/CVE-2017-5487-vulnerability-on-NSBM http://www.openwall.com/lists/oss-security/2017/01/14/6 http://www • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •