Skip to main content
CVE-2017-6819 MEDIUM POC PATCH THREAT This Month

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

WordPress CSRF PHP
NVD GitHub
CVSS 3.0
6.5
EPSS
13.4%
CVE-2017-6814 MEDIUM POC PATCH This Month

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
2.4%
CVE-2017-6818 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress
NVD GitHub
CVSS 3.0
6.1
EPSS
9.3%
CVE-2017-6815 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Information Disclosure Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
6.4%
CVE-2017-6817 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
6.1%
CVE-2017-6820 MEDIUM PATCH This Month

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2014-9645 MEDIUM PATCH This Month

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Busybox
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6816 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

WordPress Authentication Bypass PHP Debian Linux
NVD GitHub
CVSS 3.0
4.9
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy