Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x prior to 4.7.2 does not require an integer identifier, which allows remote malicious users to modify arbitrary pages via a request for wp-json/wp/v...
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7
Wordpress Wordpress 4.7.2
1 Nmap script
3 Github repositories
7.5
CVSSv3
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Wordpress Wordpress 4.7.5
Wordpress Wordpress 4.8
Wordpress Wordpress 4.7.3
Wordpress Wordpress 4.7.4
Wordpress Wordpress 4.7
Wordpress Wordpress 4.8.1
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
5.3
CVSSv3
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 prior to 4.7.1 does not properly restrict listings of post authors, which allows remote malicious users to obtain sensitive information via a wp-json/wp/v2/users requ...
Wordpress Wordpress
1 EDB exploit
25 Github repositories
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
8.8
CVSSv3
CVE-2017-5489
Cross-site request forgery (CSRF) vulnerability in WordPress prior to 4.7.1 allows remote malicious users to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
Wordpress Wordpress
5.3
CVSSv3
CVE-2017-5491
wp-mail.php in WordPress prior to 4.7.1 might allow remote malicious users to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.
Wordpress Wordpress
6.1
CVSSv3
CVE-2017-5488
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress prior to 4.7.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
Wordpress Wordpress
6.1
CVSSv3
CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress prior to 4.7.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includ...
Wordpress Wordpress
1 Github repository
7.5
CVSSv3
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress prior to 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote malicious users to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Wordpress Wordpress
8.8
CVSSv3
CVE-2017-5492
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress prior to 4.7.1 allows remote malicious users to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/in...
Wordpress Wordpress
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »