Skip to main content
CVE-2017-5487 MEDIUM POC PATCH THREAT This Month

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.5%.

WordPress PHP Information Disclosure
NVD GitHub Exploit-DB VulDB
CVSS 3.0
5.3
EPSS
92.5%
Threat
5.3
CVE-2017-5490 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress PHP
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-5488 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress PHP
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.9%
CVE-2017-5491 MEDIUM PATCH This Month

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass PHP
NVD GitHub VulDB
CVSS 3.0
5.3
EPSS
1.6%
CVE-2017-5494 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS B2Evolution
NVD GitHub VulDB
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy