[SECURITY] Fedora 25 Update: wordpress-4.7.2-1.fc25

2017-02-02T20:30:33

Description

Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	25	wordpress	4.7.2

{"id": "FEDORA:E032360205BB", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 25 Update: wordpress-4.7.2-1.fc25", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora ", "published": "2017-02-02T20:30:33", "modified": "2017-02-02T20:30:33", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TGLV7N27ALMYFMCDOQ67I7JQWRFQUCKA/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "immutableFields": [], "lastseen": "2020-12-21T08:17:54", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:98A3F611-8E80-4158-88A2-63AC3A5CFC0A"]}, {"type": "cve", "idList": ["CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"]}, {"type": "debian", "idList": ["DEBIAN:DLA-813-1:654E1", "DEBIAN:DLA-813-1:9A069", "DEBIAN:DSA-3779-1:5AD84", "DEBIAN:DSA-3779-1:EAFAD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5610", "DEBIANCVE:CVE-2017-5611", "DEBIANCVE:CVE-2017-5612"]}, {"type": "fedora", "idList": ["FEDORA:C1F73608DDB4"]}, {"type": "freebsd", "idList": ["14EA4458-E5CD-11E6-B56D-38D547003487"]}, {"type": "nessus", "idList": ["9950.PRM", "DEBIAN_DLA-813.NASL", "DEBIAN_DSA-3779.NASL", "FEDORA_2017-0BE7CE9E72.NASL", "FEDORA_2017-338A3F27E5.NASL", "FREEBSD_PKG_14EA4458E5CD11E6B56D38D547003487.NASL", "WEB_APPLICATION_SCANNING_98261", "WEB_APPLICATION_SCANNING_98262", "WEB_APPLICATION_SCANNING_98263", "WEB_APPLICATION_SCANNING_98264", "WEB_APPLICATION_SCANNING_98265", "WEB_APPLICATION_SCANNING_98266", "WEB_APPLICATION_SCANNING_98267", "WEB_APPLICATION_SCANNING_98268", "WEB_APPLICATION_SCANNING_98269", "WEB_APPLICATION_SCANNING_98270", "WEB_APPLICATION_SCANNING_98271", "WORDPRESS_4_7_2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108068", "OPENVAS:1361412562310108069", "OPENVAS:1361412562310703779", "OPENVAS:1361412562310872334", "OPENVAS:1361412562310872350", "OPENVAS:1361412562310890813", "OPENVAS:703779"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5610", "UB:CVE-2017-5611", "UB:CVE-2017-5612"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:481E3398-ED2E-460A-AF67-FF58027901D1", "WPVDB-ID:C448E613-6714-4AD7-864F-77659B4DA893", "WPVDB-ID:E99E456E-375A-4475-8070-229BC0E30C65"]}], "rev": 4}, "score": {"value": 4.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:98A3F611-8E80-4158-88A2-63AC3A5CFC0A"]}, {"type": "cve", "idList": ["CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"]}, {"type": "debian", "idList": ["DEBIAN:DLA-813-1:9A069", "DEBIAN:DSA-3779-1:EAFAD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5610", "DEBIANCVE:CVE-2017-5611", "DEBIANCVE:CVE-2017-5612"]}, {"type": "fedora", "idList": ["FEDORA:C1F73608DDB4"]}, {"type": "freebsd", "idList": ["14EA4458-E5CD-11E6-B56D-38D547003487"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-813.NASL", "DEBIAN_DSA-3779.NASL", "FEDORA_2017-0BE7CE9E72.NASL", "FEDORA_2017-338A3F27E5.NASL", "FREEBSD_PKG_14EA4458E5CD11E6B56D38D547003487.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108068", "OPENVAS:1361412562310108069", "OPENVAS:1361412562310872334", "OPENVAS:1361412562310872350", "OPENVAS:703779"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5610", "UB:CVE-2017-5611", "UB:CVE-2017-5612"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:481E3398-ED2E-460A-AF67-FF58027901D1", "WPVDB-ID:C448E613-6714-4AD7-864F-77659B4DA893", "WPVDB-ID:E99E456E-375A-4475-8070-229BC0E30C65"]}]}, "exploitation": null, "vulnersScore": 4.9}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "25", "arch": "any", "packageName": "wordpress", "packageVersion": "4.7.2", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"openvas": [{"lastseen": "2019-05-29T18:34:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2017-0be7ce9e72", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5612", "CVE-2017-5610", "CVE-2017-5611"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872350", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2017-0be7ce9e72\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872350\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:38:37 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wordpress FEDORA-2017-0be7ce9e72\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0be7ce9e72\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGLV7N27ALMYFMCDOQ67I7JQWRFQUCKA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.7.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2017-338a3f27e5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5612", "CVE-2017-5610", "CVE-2017-5611"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872334", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2017-338a3f27e5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872334\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:37:26 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wordpress FEDORA-2017-338a3f27e5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-338a3f27e5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP4ILNTAAD47SYCJOQJYNJPRWKLF67GB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.7.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-14T16:14:01", "description": "This host is running WordPress and is prone to multiple security vulnerabilities\n because it fails to sanitize user-supplied input.", "cvss3": {}, "published": "2017-02-02T00:00:00", "type": "openvas", "title": "WordPress < 4.7.2 Multiple Security Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5612", "CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611"], "modified": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310108069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# WordPress < 4.7.2 Multiple Security Vulnerabilities (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108069\");\n script_version(\"2019-11-12T13:33:43+0000\");\n script_cve_id(\"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\", \"CVE-2017-1001000\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-12 13:33:43 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-02 14:20:15 +0100 (Thu, 02 Feb 2017)\");\n script_name(\"WordPress < 4.7.2 Multiple Security Vulnerabilities (Windows)\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"os_detection.nasl\", \"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 80);\n\n script_xref(name:\"URL\", value:\"https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/\");\n script_xref(name:\"URL\", value:\"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/\");\n script_xref(name:\"URL\", value:\"https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html\");\n script_xref(name:\"URL\", value:\"http://www.secpod.com/blog/wordpress-rest-api-zero-day-privilege-escalation-vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is running WordPress and is prone to multiple security vulnerabilities\n because it fails to sanitize user-supplied input.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - The user interface for assigning taxonomy terms in Press This is shown to\n users who do not have permissions to use it.\n\n - P_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.\n WordPress core is not directly vulnerable to this issue, but hardening was added to prevent plugins and themes\n from accidentally causing a vulnerability.\n\n - A cross-site scripting (XSS) vulnerability was discovered in the posts list table.\n\n - An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attacker to e.g. obtain sensitive information or inject arbitrary web script or HTML.\");\n\n script_tag(name:\"affected\", value:\"WordPress versions 4.7.1 and earlier.\");\n\n script_tag(name:\"solution\", value:\"Update to WordPress version 4.7.2.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"4.7.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.7.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-14T16:17:53", "description": "This host is running WordPress and is prone to multiple security vulnerabilities\n because it fails to sanitize user-supplied input.", "cvss3": {}, "published": "2017-02-02T00:00:00", "type": "openvas", "title": "WordPress < 4.7.2 Multiple Security Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5612", "CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611"], "modified": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310108068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108068", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# WordPress < 4.7.2 Multiple Security Vulnerabilities (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108068\");\n script_version(\"2019-11-12T13:33:43+0000\");\n script_cve_id(\"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\", \"CVE-2017-1001000\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-12 13:33:43 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-02 14:20:15 +0100 (Thu, 02 Feb 2017)\");\n script_name(\"WordPress < 4.7.2 Multiple Security Vulnerabilities (Linux)\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"os_detection.nasl\", \"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n\n script_xref(name:\"URL\", value:\"https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/\");\n script_xref(name:\"URL\", value:\"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/\");\n script_xref(name:\"URL\", value:\"https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html\");\n script_xref(name:\"URL\", value:\"http://www.secpod.com/blog/wordpress-rest-api-zero-day-privilege-escalation-vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is running WordPress and is prone to multiple security vulnerabilities\n because it fails to sanitize user-supplied input.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - The user interface for assigning taxonomy terms in Press This is shown to\n users who do not have permissions to use it.\n\n - P_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.\n WordPress core is not directly vulnerable to this issue, but hardening was added to prevent plugins and themes\n from accidentally causing a vulnerability.\n\n - A cross-site scripting (XSS) vulnerability was discovered in the posts list table.\n\n - An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attacker to e.g. obtain sensitive information or inject arbitrary web script or HTML.\");\n\n script_tag(name:\"affected\", value:\"WordPress versions 4.7.1 and earlier.\");\n\n script_tag(name:\"solution\", value:\"Update to WordPress version 4.7.2.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"4.7.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.7.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:13", "description": "Several vulnerabilities were discovered\nin wordpress, a web blogging tool. They would allow remote attackers to hijack\nvictims", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3779-1 (wordpress - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5492", "CVE-2017-5612", "CVE-2017-5488", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5489", "CVE-2017-5491", "CVE-2017-5490", "CVE-2017-5611"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703779", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3779.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3779-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703779\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5488\", \"CVE-2017-5489\", \"CVE-2017-5490\", \"CVE-2017-5491\",\n \"CVE-2017-5492\", \"CVE-2017-5493\", \"CVE-2017-5610\", \"CVE-2017-5611\",\n \"CVE-2017-5612\");\n script_name(\"Debian Security Advisory DSA 3779-1 (wordpress - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:20 +0530 (Fri, 03 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3779.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"wordpress on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 4.1+dfsg-1+deb8u12.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 4.7.1+dfsg-1.\n\nWe recommend that you upgrade your wordpress packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin wordpress, a web blogging tool. They would allow remote attackers to hijack\nvictims' credentials, access sensitive information, execute arbitrary commands,\nbypass read and post restrictions, or mount denial-of-service attacks.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"wordpress\", ver:\"4.7.1+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"4.7.1+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfifteen\", ver:\"4.7.1+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentyseventeen\", ver:\"4.7.1+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentysixteen\", ver:\"4.7.1+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress\", ver:\"4.1+dfsg-1+deb8u12\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"4.1+dfsg-1+deb8u12\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfifteen\", ver:\"4.1+dfsg-1+deb8u12\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfourteen\", ver:\"4.1+dfsg-1+deb8u12\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentythirteen\", ver:\"4.1+dfsg-1+deb8u12\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:59", "description": "Several vulnerabilities were discovered\nin wordpress, a web blogging tool. They would allow remote attackers to hijack\nvictims", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3779-1 (wordpress - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5492", "CVE-2017-5612", "CVE-2017-5488", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5489", "CVE-2017-5491", "CVE-2017-5490", "CVE-2017-5611"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703779", "href": "http://plugins.openvas.org/nasl.php?oid=703779", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3779.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3779-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703779);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5488\", \"CVE-2017-5489\", \"CVE-2017-5490\", \"CVE-2017-5491\",\n \"CVE-2017-5492\", \"CVE-2017-5493\", \"CVE-2017-5610\", \"CVE-2017-5611\",\n \"CVE-2017-5612\");\n script_name(\"Debian Security Advisory DSA 3779-1 (wordpress - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:20 +0530 (Fri, 03 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3779.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"wordpress on Debian Linux\");\n script_tag(name: \"insight\", value: \"WordPress is a full featured web\nblogging tool:\n\n* Instant publishing (no rebuilding)\n* Comment pingback support with spam protection\n* Non-crufty URLs\n* Themable\n* Plugin support\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 4.1+dfsg-1+deb8u12.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 4.7.1+dfsg-1.\n\nWe recommend that you upgrade your wordpress packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin wordpress, a web blogging tool. They would allow remote attackers to hijack\nvictims' credentials, access sensitive information, execute arbitrary commands,\nbypass read and post restrictions, or mount denial-of-service attacks.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"4.7.1+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"4.7.1+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfifteen\", ver:\"4.7.1+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentyseventeen\", ver:\"4.7.1+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentysixteen\", ver:\"4.7.1+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"4.1+dfsg-1+deb8u12\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"4.1+dfsg-1+deb8u12\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfifteen\", ver:\"4.1+dfsg-1+deb8u12\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfourteen\", ver:\"4.1+dfsg-1+deb8u12\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentythirteen\", ver:\"4.1+dfsg-1+deb8u12\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-29T20:12:13", "description": "Several vulnerabilities were discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2017-5488\n\nMultiple cross-site scripting (XSS) vulnerabilities in\nwp-admin/update-core.php in WordPress before 4.7.1 allow remote\nattackers to inject arbitrary web script or HTML via the name or\nversion header of a plugin.\n\nCVE-2017-5489\n\nCross-site request forgery (CSRF) vulnerability in WordPress before\n4.7.1 allows remote attackers to hijack the authentication of\nunspecified victims via vectors involving a Flash file upload.\n\nCVE-2017-5490\n\nCross-site scripting (XSS) vulnerability in the theme-name fallback\nfunctionality in wp-includes/class-wp-theme.php in WordPress before\n4.7.1 allows remote attackers to inject arbitrary web script or HTML\nvia a crafted directory name of a theme, related to\nwp-admin/includes/class-theme-installer-skin.php.\n\nCVE-2017-5491\n\nwp-mail.php in WordPress before 4.7.1 might allow remote attackers to\nbypass intended posting restrictions via a spoofed mail server with the\nmail.example.com name.\n\nCVE-2017-5492\n\nCross-site request forgery (CSRF) vulnerability in the widget-editing\naccessibility-mode feature in WordPress before 4.7.1 allows remote\nattackers to hijack the authentication of unspecified victims for\nrequests that perform a widgets-access action, related to\nwp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.\n\nCVE-2017-5493\n\nwp-includes/ms-functions.php in the Multisite WordPress API in WordPress\nbefore 4.7.1 does not properly choose random numbers for keys, which\nmakes it easier for remote attackers to bypass intended access\nrestrictions via a crafted site signup or user signup.\n\nCVE-2017-5610\n\nwp-admin/includes/class-wp-press-this.php in Press This in WordPress\nbefore 4.7.2 does not properly restrict visibility of a\ntaxonomy-assignment user interface, which allows remote attackers to\nbypass intended access restrictions by reading terms.\n\nCVE-2017-5611\n\nSQL injection vulnerability in wp-includes/class-wp-query.php in\nWP_Query in WordPress before 4.7.2 allows remote attackers to execute\narbitrary SQL commands by leveraging the presence of an affected\nplugin or theme that mishandles a crafted post type name.\n\nCVE-2017-5612\n\nCross-site scripting (XSS) vulnerability in\nwp-admin/includes/class-wp-posts-list-table.php in the posts list\ntable in WordPress before 4.7.2 allows remote attackers to inject\narbitrary web script or HTML via a crafted excerpt.", "cvss3": {}, "published": "2018-01-05T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for wordpress (DLA-813-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5492", "CVE-2017-5612", "CVE-2017-5488", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5489", "CVE-2017-5491", "CVE-2017-5490", "CVE-2017-5611"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890813", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890813\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-5488\", \"CVE-2017-5489\", \"CVE-2017-5490\", \"CVE-2017-5491\", \"CVE-2017-5492\", \"CVE-2017-5493\", \"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\");\n script_name(\"Debian LTS: Security Advisory for wordpress (DLA-813-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-05 00:00:00 +0100 (Fri, 05 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"wordpress on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.6.1+dfsg-1~deb7u13.\n\nWe recommend that you upgrade your wordpress packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2017-5488\n\nMultiple cross-site scripting (XSS) vulnerabilities in\nwp-admin/update-core.php in WordPress before 4.7.1 allow remote\nattackers to inject arbitrary web script or HTML via the name or\nversion header of a plugin.\n\nCVE-2017-5489\n\nCross-site request forgery (CSRF) vulnerability in WordPress before\n4.7.1 allows remote attackers to hijack the authentication of\nunspecified victims via vectors involving a Flash file upload.\n\nCVE-2017-5490\n\nCross-site scripting (XSS) vulnerability in the theme-name fallback\nfunctionality in wp-includes/class-wp-theme.php in WordPress before\n4.7.1 allows remote attackers to inject arbitrary web script or HTML\nvia a crafted directory name of a theme, related to\nwp-admin/includes/class-theme-installer-skin.php.\n\nCVE-2017-5491\n\nwp-mail.php in WordPress before 4.7.1 might allow remote attackers to\nbypass intended posting restrictions via a spoofed mail server with the\nmail.example.com name.\n\nCVE-2017-5492\n\nCross-site request forgery (CSRF) vulnerability in the widget-editing\naccessibility-mode feature in WordPress before 4.7.1 allows remote\nattackers to hijack the authentication of unspecified victims for\nrequests that perform a widgets-access action, related to\nwp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.\n\nCVE-2017-5493\n\nwp-includes/ms-functions.php in the Multisite WordPress API in WordPress\nbefore 4.7.1 does not properly choose random numbers for keys, which\nmakes it easier for remote attackers to bypass intended access\nrestrictions via a crafted site signup or user signup.\n\nCVE-2017-5610\n\nwp-admin/includes/class-wp-press-this.php in Press This in WordPress\nbefore 4.7.2 does not properly restrict visibility of a\ntaxonomy-assignment user interface, which allows remote attackers to\nbypass intended access restrictions by reading terms.\n\nCVE-2017-5611\n\nSQL injection vulnerability in wp-includes/class-wp-query.php in\nWP_Query in WordPress before 4.7.2 allows remote attackers to execute\narbitrary SQL commands by leveraging the presence of an affected\nplugin or theme that mishandles a crafted post type name.\n\nCVE-2017-5612\n\nCross-site scripting (XSS) vulnerability in\nwp-admin/includes/class-wp-posts-list-table.php in the posts list\ntable in WordPress before 4.7.2 allows remote attackers to inject\narbitrary web script or HTML via a crafted excerpt.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"wordpress\", ver:\"3.6.1+dfsg-1~deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"3.6.1+dfsg-1~deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nAaron D. Campbell reports:\n\nWordPress versions 4.7.1 and earlier are affected by three security\n\t issues:\n\nThe user interface for assigning taxonomy terms in Press This is\n\t shown to users who do not have permissions to use it.\nWP_Query is vulnerable to a SQL injection (SQLi) when passing\n\t unsafe data. WordPress core is not directly vulnerable to this\n\t issue, but we\u2019ve added hardening to prevent plugins and\n\t themes from accidentally causing a vulnerability.\nA cross-site scripting (XSS) vulnerability was discovered in the\n\t posts list table.\nAn unauthenticated privilege escalation vulnerability was\n\t discovered in a REST API endpoint.\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-01-26T00:00:00", "type": "freebsd", "title": "wordpress -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2017-01-26T00:00:00", "id": "14EA4458-E5CD-11E6-B56D-38D547003487", "href": "https://vuxml.freebsd.org/freebsd/14ea4458-e5cd-11e6-b56d-38d547003487.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-02-02T20:52:05", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: wordpress-4.7.2-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2017-02-02T20:52:05", "id": "FEDORA:C1F73608DDB4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TP4ILNTAAD47SYCJOQJYNJPRWKLF67GB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:37:57", "description": "Versions of WordPress prior to 4.7.2 are affected by multiple vulnerabilities :\n\n - A flaw exists in the 'wp-admin/includes/class-wp-press-this.php' script that is triggered as the user interface for assigning taxonomy terms is exposed to users, who do not have permission to use it. This may allow an authenticated, remote attacker to gain unauthorized acces to sensitive information.\n - A flaw exists that may allow carrying out an SQL injection attack. The issue is due to the 'wp-includes/class-wp-query.php' script not properly sanitizing input to post type names before using it in SQL queries. This may potentially allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. \n - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the 'wp-admin/includes/class-wp-posts-list-table.php' script does not properly validated input to posts list table excerpts before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.\n - A flaw exists in the '/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php' script that is due to a failure to securely perform permission checks. This may allow a remote attacker to change the content of arbitrary posts or pages.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2017-02-09T00:00:00", "type": "nessus", "title": "WordPress < 4.7.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "9950.PRM", "href": "https://www.tenable.com/plugins/nnm/9950", "sourceData": "Binary data 9950.prm", "cvss": {"score": 5.1, "vector": "CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:13:10", "description": "Aaron D. Campbell reports :\n\nWordPress versions 4.7.1 and earlier are affected by three security issues :\n\n- The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.\n\n- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability.\n\n- A cross-site scripting (XSS) vulnerability was discovered in the posts list table.\n\n- An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-30T00:00:00", "type": "nessus", "title": "FreeBSD : wordpress -- multiple vulnerabilities (14ea4458-e5cd-11e6-b56d-38d547003487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:de-wordpress", "p-cpe:/a:freebsd:freebsd:ja-wordpress", "p-cpe:/a:freebsd:freebsd:ru-wordpress", "p-cpe:/a:freebsd:freebsd:wordpress", "p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN", "p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_14EA4458E5CD11E6B56D38D547003487.NASL", "href": "https://www.tenable.com/plugins/nessus/96850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96850);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\");\n\n script_name(english:\"FreeBSD : wordpress -- multiple vulnerabilities (14ea4458-e5cd-11e6-b56d-38d547003487)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aaron D. Campbell reports :\n\nWordPress versions 4.7.1 and earlier are affected by three security\nissues :\n\n- The user interface for assigning taxonomy terms in Press This is\nshown to users who do not have permissions to use it.\n\n- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe\ndata. WordPress core is not directly vulnerable to this issue, but\nwe've added hardening to prevent plugins and themes from\naccidentally causing a vulnerability.\n\n- A cross-site scripting (XSS) vulnerability was discovered in the\nposts list table.\n\n- An unauthenticated privilege escalation vulnerability was discovered\nin a REST API endpoint.\"\n );\n # http://www.openwall.com/lists/oss-security/2017/01/28/5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/01/28/5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/\"\n );\n # https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aeb834e4\"\n );\n # https://vuxml.freebsd.org/freebsd/14ea4458-e5cd-11e6-b56d-38d547003487.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc40e1c2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wordpress<4.7.2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-wordpress<4.7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-wordpress<4.7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-wordpress<4.7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress-zh_CN<4.7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress-zh_TW<4.7.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:30", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.0.x < 4.0.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98268", "href": "https://www.tenable.com/plugins/was/98268", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:09", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.7.x < 4.7.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98261", "href": "https://www.tenable.com/plugins/was/98261", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:11", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.4.x < 4.4.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98264", "href": "https://www.tenable.com/plugins/was/98264", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:56:39", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 3.7.x < 3.7.18 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98271", "href": "https://www.tenable.com/plugins/was/98271", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:56:44", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.3.x < 4.3.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98265", "href": "https://www.tenable.com/plugins/was/98265", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:09", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.1.x < 4.1.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98267", "href": "https://www.tenable.com/plugins/was/98267", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:20", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 3.8.x < 3.8.18 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98270", "href": "https://www.tenable.com/plugins/was/98270", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:09", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.6.x < 4.6.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98262", "href": "https://www.tenable.com/plugins/was/98262", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:56:47", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.5.x < 4.5.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98263", "href": "https://www.tenable.com/plugins/was/98263", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:56:59", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 4.2.x < 4.2.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98266", "href": "https://www.tenable.com/plugins/was/98266", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:15", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "WordPress 3.9.x < 3.9.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98269", "href": "https://www.tenable.com/plugins/was/98269", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:10:48", "description": "According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.2.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information.\n (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.\n (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts. (CVE-2017-1001000)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-31T00:00:00", "type": "nessus", "title": "WordPress < 4.7.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1001000", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2019-03-29T00:00:00", "cpe": ["cpe:/a:wordpress:wordpress"], "id": "WORDPRESS_4_7_2.NASL", "href": "https://www.tenable.com/plugins/nessus/96906", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96906);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/03/29 9:51:59\");\n\n script_cve_id(\n \"CVE-2017-5610\",\n \"CVE-2017-5611\",\n \"CVE-2017-5612\",\n \"CVE-2017-1001000\"\n );\n script_bugtraq_id(95816);\n script_xref(name:\"EDB-ID\", value:\"41223\");\n script_xref(name:\"EDB-ID\", value:\"41224\");\n script_xref(name:\"EDB-ID\", value:\"41308\");\n\n script_name(english:\"WordPress < 4.7.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PHP application running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is prior to 4.7.2.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n class-wp-press-this.php script due to a failure to\n properly restrict the user interface for assigning\n taxonomy terms. An authenticated, remote attacker can\n exploit this to disclose sensitive information.\n (CVE-2017-5610)\n\n - A SQL injection (SQLi) vulnerability exists in the\n class-wp-query.php script due to a failure to sanitize\n input to post type names. An unauthenticated, remote\n attacker can exploit this to inject or manipulate SQL\n queries in the back-end database, resulting in the\n disclosure or manipulation of arbitrary data.\n (CVE-2017-5611)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n class-wp-posts-list-table.php script due to improper\n validation of input to the posts list table. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted request, to execute arbitrary script\n code in a user's browser session. (CVE-2017-5612)\n\n - A privilege escalation vulnerability exists in the REST\n API due to a failure to properly sanitize user-supplied\n input to the 'id' parameter when editing or deleting\n blog posts. An unauthenticated, remote attacker can\n exploit this issue to run arbitrary PHP code, inject\n content into blog posts, modify blog post attributes, or\n delete blog posts. (CVE-2017-1001000)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_4.7.2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 4.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5611\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/31\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"WordPress\";\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { \"min_version\":\"3.5\", \"fixed_version\":\"3.7.18\", \"fixed_display\" : \"3.7.18 / 4.7.2\" },\n { \"min_version\":\"3.8\", \"fixed_version\":\"3.8.18\", \"fixed_display\" : \"3.8.18 / 4.7.2\" },\n { \"min_version\":\"3.9\", \"fixed_version\":\"3.9.16\", \"fixed_display\" : \"3.9.16 / 4.7.2\" },\n { \"min_version\":\"4.0\", \"fixed_version\":\"4.0.15\", \"fixed_display\" : \"4.0.15 / 4.7.2\" },\n { \"min_version\":\"4.1\", \"fixed_version\":\"4.1.15\", \"fixed_display\" : \"4.1.15 / 4.7.2\" },\n { \"min_version\":\"4.2\", \"fixed_version\":\"4.2.12\", \"fixed_display\" : \"4.2.12 / 4.7.2\" },\n { \"min_version\":\"4.3\", \"fixed_version\":\"4.3.8\", \"fixed_display\" : \"4.3.8 / 4.7.2\" },\n { \"min_version\":\"4.4\", \"fixed_version\":\"4.4.7\", \"fixed_display\" : \"4.4.7 / 4.7.2\" },\n { \"min_version\":\"4.5\", \"fixed_version\":\"4.5.6\", \"fixed_display\" : \"4.5.6 / 4.7.2\" },\n { \"min_version\":\"4.6\", \"fixed_version\":\"4.6.3\", \"fixed_display\" : \"4.6.3 / 4.7.2\" },\n { \"min_version\":\"4.7\", \"fixed_version\":\"4.7.2\", \"fixed_display\" : \"4.7.2\" }\n];\n\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE, sqli:TRUE}\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:14:29", "description": "Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims' credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-02T00:00:00", "type": "nessus", "title": "Debian DSA-3779-1 : wordpress - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5488", "CVE-2017-5489", "CVE-2017-5490", "CVE-2017-5491", "CVE-2017-5492", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wordpress", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3779.NASL", "href": "https://www.tenable.com/plugins/nessus/96932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3779. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96932);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5488\", \"CVE-2017-5489\", \"CVE-2017-5490\", \"CVE-2017-5491\", \"CVE-2017-5492\", \"CVE-2017-5493\", \"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\");\n script_xref(name:\"DSA\", value:\"3779\");\n\n script_name(english:\"Debian DSA-3779-1 : wordpress - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in wordpress, a web blogging\ntool. They would allow remote attackers to hijack victims'\ncredentials, access sensitive information, execute arbitrary commands,\nbypass read and post restrictions, or mount denial-of-service attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wordpress\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3779\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 4.1+dfsg-1+deb8u12.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"wordpress\", reference:\"4.1+dfsg-1+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-l10n\", reference:\"4.1+dfsg-1+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-theme-twentyfifteen\", reference:\"4.1+dfsg-1+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-theme-twentyfourteen\", reference:\"4.1+dfsg-1+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-theme-twentythirteen\", reference:\"4.1+dfsg-1+deb8u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:14:27", "description": "Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.\n\nCVE-2017-5488\n\nMultiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the name or version header of a plugin.\n\nCVE-2017-5489\n\nCross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.\n\nCVE-2017-5490\n\nCross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.\n\nCVE-2017-5491\n\nwp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.\n\nCVE-2017-5492\n\nCross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.\n\nCVE-2017-5493\n\nwp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted site signup or user signup.\n\nCVE-2017-5610\n\nwp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.\n\nCVE-2017-5611\n\nSQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.\n\nCVE-2017-5612\n\nCross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.6.1+dfsg-1~deb7u13.\n\nWe recommend that you upgrade your wordpress packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-02T00:00:00", "type": "nessus", "title": "Debian DLA-813-1 : wordpress security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5488", "CVE-2017-5489", "CVE-2017-5490", "CVE-2017-5491", "CVE-2017-5492", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wordpress", "p-cpe:/a:debian:debian_linux:wordpress-l10n", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-813.NASL", "href": "https://www.tenable.com/plugins/nessus/96930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-813-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96930);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5488\", \"CVE-2017-5489\", \"CVE-2017-5490\", \"CVE-2017-5491\", \"CVE-2017-5492\", \"CVE-2017-5493\", \"CVE-2017-5610\", \"CVE-2017-5611\", \"CVE-2017-5612\");\n\n script_name(english:\"Debian DLA-813-1 : wordpress security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2017-5488\n\nMultiple cross-site scripting (XSS) vulnerabilities in\nwp-admin/update-core.php in WordPress before 4.7.1 allow remote\nattackers to inject arbitrary web script or HTML via the name or\nversion header of a plugin.\n\nCVE-2017-5489\n\nCross-site request forgery (CSRF) vulnerability in WordPress before\n4.7.1 allows remote attackers to hijack the authentication of\nunspecified victims via vectors involving a Flash file upload.\n\nCVE-2017-5490\n\nCross-site scripting (XSS) vulnerability in the theme-name fallback\nfunctionality in wp-includes/class-wp-theme.php in WordPress before\n4.7.1 allows remote attackers to inject arbitrary web script or HTML\nvia a crafted directory name of a theme, related to\nwp-admin/includes/class-theme-installer-skin.php.\n\nCVE-2017-5491\n\nwp-mail.php in WordPress before 4.7.1 might allow remote attackers to\nbypass intended posting restrictions via a spoofed mail server with\nthe mail.example.com name.\n\nCVE-2017-5492\n\nCross-site request forgery (CSRF) vulnerability in the widget-editing\naccessibility-mode feature in WordPress before 4.7.1 allows remote\nattackers to hijack the authentication of unspecified victims for\nrequests that perform a widgets-access action, related to\nwp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.\n\nCVE-2017-5493\n\nwp-includes/ms-functions.php in the Multisite WordPress API in\nWordPress before 4.7.1 does not properly choose random numbers for\nkeys, which makes it easier for remote attackers to bypass intended\naccess restrictions via a crafted site signup or user signup.\n\nCVE-2017-5610\n\nwp-admin/includes/class-wp-press-this.php in Press This in WordPress\nbefore 4.7.2 does not properly restrict visibility of a\ntaxonomy-assignment user interface, which allows remote attackers to\nbypass intended access restrictions by reading terms.\n\nCVE-2017-5611\n\nSQL injection vulnerability in wp-includes/class-wp-query.php in\nWP_Query in WordPress before 4.7.2 allows remote attackers to execute\narbitrary SQL commands by leveraging the presence of an affected\nplugin or theme that mishandles a crafted post type name.\n\nCVE-2017-5612\n\nCross-site scripting (XSS) vulnerability in\nwp-admin/includes/class-wp-posts-list-table.php in the posts list\ntable in WordPress before 4.7.2 allows remote attackers to inject\narbitrary web script or HTML via a crafted excerpt.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.6.1+dfsg-1~deb7u13.\n\nWe recommend that you upgrade your wordpress packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wordpress\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected wordpress, and wordpress-l10n packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"wordpress\", reference:\"3.6.1+dfsg-1~deb7u13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wordpress-l10n\", reference:\"3.6.1+dfsg-1~deb7u13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:13", "description": "**WordPress 4.7.2 Security Release**\n\nWordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.\n\nWordPress versions 4.7.1 and earlier are affected by three security issues :\n\n - The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.\n\n - WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).\n\n - A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2017-02-03T00:00:00", "type": "nessus", "title": "Fedora 25 : wordpress (2017-0be7ce9e72)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5610"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-0BE7CE9E72.NASL", "href": "https://www.tenable.com/plugins/nessus/96964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-0be7ce9e72.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96964);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5610\");\n script_xref(name:\"FEDORA\", value:\"2017-0be7ce9e72\");\n\n script_name(english:\"Fedora 25 : wordpress (2017-0be7ce9e72)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**WordPress 4.7.2 Security Release**\n\nWordPress 4.7.2 is now available. This is a security release for all\nprevious versions and we strongly encourage you to update your sites\nimmediately.\n\nWordPress versions 4.7.1 and earlier are affected by three security\nissues :\n\n - The user interface for assigning taxonomy terms in Press\n This is shown to users who do not have permissions to\n use it. Reported by David Herrera of Alley Interactive.\n\n - WP_Query is vulnerable to a SQL injection (SQLi) when\n passing unsafe data. WordPress core is not directly\n vulnerable to this issue, but we’ve added\n hardening to prevent plugins and themes from\n accidentally causing a vulnerability. Reported by Mo\n Jangda (batmoo).\n\n - A cross-site scripting (XSS) vulnerability was\n discovered in the posts list table. Reported by Ian Dunn\n of the WordPress Security Team.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0be7ce9e72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"wordpress-4.7.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:04", "description": "**WordPress 4.7.2 Security Release**\n\nWordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.\n\nWordPress versions 4.7.1 and earlier are affected by three security issues :\n\n - The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.\n\n - WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).\n\n - A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2017-02-03T00:00:00", "type": "nessus", "title": "Fedora 24 : wordpress (2017-338a3f27e5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5610"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-338A3F27E5.NASL", "href": "https://www.tenable.com/plugins/nessus/96965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-338a3f27e5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96965);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5610\");\n script_xref(name:\"FEDORA\", value:\"2017-338a3f27e5\");\n\n script_name(english:\"Fedora 24 : wordpress (2017-338a3f27e5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**WordPress 4.7.2 Security Release**\n\nWordPress 4.7.2 is now available. This is a security release for all\nprevious versions and we strongly encourage you to update your sites\nimmediately.\n\nWordPress versions 4.7.1 and earlier are affected by three security\nissues :\n\n - The user interface for assigning taxonomy terms in Press\n This is shown to users who do not have permissions to\n use it. Reported by David Herrera of Alley Interactive.\n\n - WP_Query is vulnerable to a SQL injection (SQLi) when\n passing unsafe data. WordPress core is not directly\n vulnerable to this issue, but we’ve added\n hardening to prevent plugins and themes from\n accidentally causing a vulnerability. Reported by Mo\n Jangda (batmoo).\n\n - A cross-site scripting (XSS) vulnerability was\n discovered in the posts list table. Reported by Ian Dunn\n of the WordPress Security Team.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-338a3f27e5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"wordpress-4.7.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-11-30T03:24:15", "description": "Package : wordpress\nVersion : 3.6.1+dfsg-1~deb7u13\nCVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490\n CVE-2017-5491 CVE-2017-5492 CVE-2017-5493\n CVE-2017-5610 CVE-2017-5611 CVE-2017-5612\nDebian Bug : 851310 852767\n\nSeveral vulnerabilities were discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2017-5488\n\nMultiple cross-site scripting (XSS) vulnerabilities in\nwp-admin/update-core.php in WordPress before 4.7.1 allow remote\nattackers to inject arbitrary web script or HTML via the name or\nversion header of a plugin.\n\nCVE-2017-5489\n\nCross-site request forgery (CSRF) vulnerability in WordPress before\n4.7.1 allows remote attackers to hijack the authentication of\nunspecified victims via vectors involving a Flash file upload.\n\nCVE-2017-5490\n\nCross-site scripting (XSS) vulnerability in the theme-name fallback\nfunctionality in wp-includes/class-wp-theme.php in WordPress before\n4.7.1 allows remote attackers to inject arbitrary web script or HTML\nvia a crafted directory name of a theme, related to\nwp-admin/includes/class-theme-installer-skin.php.\n\nCVE-2017-5491\n\nwp-mail.php in WordPress before 4.7.1 might allow remote attackers to\nbypass intended posting restrictions via a spoofed mail server with the\nmail.example.com name.\n\nCVE-2017-5492\n\nCross-site request forgery (CSRF) vulnerability in the widget-editing\naccessibility-mode feature in WordPress before 4.7.1 allows remote\nattackers to hijack the authentication of unspecified victims for\nrequests that perform a widgets-access action, related to\nwp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.\n\nCVE-2017-5493\n\nwp-includes/ms-functions.php in the Multisite WordPress API in WordPress\nbefore 4.7.1 does not properly choose random numbers for keys, which\nmakes it easier for remote attackers to bypass intended access\nrestrictions via a crafted site signup or user signup.\n\nCVE-2017-5610\n\nwp-admin/includes/class-wp-press-this.php in Press This in WordPress\nbefore 4.7.2 does not properly restrict visibility of a\ntaxonomy-assignment user interface, which allows remote attackers to\nbypass intended access restrictions by reading terms.\n\nCVE-2017-5611\n\nSQL injection vulnerability in wp-includes/class-wp-query.php in\nWP_Query in WordPress before 4.7.2 allows remote attackers to execute\narbitrary SQL commands by leveraging the presence of an affected\nplugin or theme that mishandles a crafted post type name.\n\nCVE-2017-5612\n\nCross-site scripting (XSS) vulnerability in\nwp-admin/includes/class-wp-posts-list-table.php in the posts list\ntable in WordPress before 4.7.2 allows remote attackers to inject\narbitrary web script or HTML via a crafted excerpt.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.6.1+dfsg-1~deb7u13.\n\nWe recommend that you upgrade your wordpress packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-02-01T08:02:56", "type": "debian", "title": "[SECURITY] [DLA 813-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5488", "CVE-2017-5489", "CVE-2017-5490", "CVE-2017-5491", "CVE-2017-5492", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2017-02-01T08:02:56", "id": "DEBIAN:DLA-813-1:9A069", "href": "https://lists.debian.org/debian-lts-announce/2017/02/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-12T00:28:54", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3779-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nFebruary 01, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wordpress\nCVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 \n CVE-2017-5492 CVE-2017-5493 CVE-2017-5610 CVE-2017-5611 \n CVE-2017-5612\nDebian Bug : 851310 852767\n\nSeveral vulnerabilities were discovered in wordpress, a web blogging\ntool. They would allow remote attackers to hijack victims'\ncredentials, access sensitive information, execute arbitrary commands,\nbypass read and post restrictions, or mount denial-of-service attacks.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u12.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 4.7.1+dfsg-1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-02-01T14:30:41", "type": "debian", "title": "[SECURITY] [DSA 3779-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5488", "CVE-2017-5489", "CVE-2017-5490", "CVE-2017-5491", "CVE-2017-5492", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2017-02-01T14:30:41", "id": "DEBIAN:DSA-3779-1:EAFAD", "href": "https://lists.debian.org/debian-security-announce/2017/msg00030.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:07:57", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3779-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nFebruary 01, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wordpress\nCVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 \n CVE-2017-5492 CVE-2017-5493 CVE-2017-5610 CVE-2017-5611 \n CVE-2017-5612\nDebian Bug : 851310 852767\n\nSeveral vulnerabilities were discovered in wordpress, a web blogging\ntool. They would allow remote attackers to hijack victims'\ncredentials, access sensitive information, execute arbitrary commands,\nbypass read and post restrictions, or mount denial-of-service attacks.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u12.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 4.7.1+dfsg-1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-02-01T14:30:41", "type": "debian", "title": "[SECURITY] [DSA 3779-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5488", "CVE-2017-5489", "CVE-2017-5490", "CVE-2017-5491", "CVE-2017-5492", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2017-02-01T14:30:41", "id": "DEBIAN:DSA-3779-1:5AD84", "href": "https://lists.debian.org/debian-security-announce/2017/msg00030.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T14:02:41", "description": "Package : wordpress\nVersion : 3.6.1+dfsg-1~deb7u13\nCVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490\n CVE-2017-5491 CVE-2017-5492 CVE-2017-5493\n CVE-2017-5610 CVE-2017-5611 CVE-2017-5612\nDebian Bug : 851310 852767\n\nSeveral vulnerabilities were discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2017-5488\n\nMultiple cross-site scripting (XSS) vulnerabilities in\nwp-admin/update-core.php in WordPress before 4.7.1 allow remote\nattackers to inject arbitrary web script or HTML via the name or\nversion header of a plugin.\n\nCVE-2017-5489\n\nCross-site request forgery (CSRF) vulnerability in WordPress before\n4.7.1 allows remote attackers to hijack the authentication of\nunspecified victims via vectors involving a Flash file upload.\n\nCVE-2017-5490\n\nCross-site scripting (XSS) vulnerability in the theme-name fallback\nfunctionality in wp-includes/class-wp-theme.php in WordPress before\n4.7.1 allows remote attackers to inject arbitrary web script or HTML\nvia a crafted directory name of a theme, related to\nwp-admin/includes/class-theme-installer-skin.php.\n\nCVE-2017-5491\n\nwp-mail.php in WordPress before 4.7.1 might allow remote attackers to\nbypass intended posting restrictions via a spoofed mail server with the\nmail.example.com name.\n\nCVE-2017-5492\n\nCross-site request forgery (CSRF) vulnerability in the widget-editing\naccessibility-mode feature in WordPress before 4.7.1 allows remote\nattackers to hijack the authentication of unspecified victims for\nrequests that perform a widgets-access action, related to\nwp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.\n\nCVE-2017-5493\n\nwp-includes/ms-functions.php in the Multisite WordPress API in WordPress\nbefore 4.7.1 does not properly choose random numbers for keys, which\nmakes it easier for remote attackers to bypass intended access\nrestrictions via a crafted site signup or user signup.\n\nCVE-2017-5610\n\nwp-admin/includes/class-wp-press-this.php in Press This in WordPress\nbefore 4.7.2 does not properly restrict visibility of a\ntaxonomy-assignment user interface, which allows remote attackers to\nbypass intended access restrictions by reading terms.\n\nCVE-2017-5611\n\nSQL injection vulnerability in wp-includes/class-wp-query.php in\nWP_Query in WordPress before 4.7.2 allows remote attackers to execute\narbitrary SQL commands by leveraging the presence of an affected\nplugin or theme that mishandles a crafted post type name.\n\nCVE-2017-5612\n\nCross-site scripting (XSS) vulnerability in\nwp-admin/includes/class-wp-posts-list-table.php in the posts list\ntable in WordPress before 4.7.2 allows remote attackers to inject\narbitrary web script or HTML via a crafted excerpt.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.6.1+dfsg-1~deb7u13.\n\nWe recommend that you upgrade your wordpress packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-02-01T08:02:56", "type": "debian", "title": "[SECURITY] [DLA 813-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5488", "CVE-2017-5489", "CVE-2017-5490", "CVE-2017-5491", "CVE-2017-5492", "CVE-2017-5493", "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612"], "modified": "2017-02-01T08:02:56", "id": "DEBIAN:DLA-813-1:654E1", "href": "https://lists.debian.org/debian-lts-announce/2017/02/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "wpvulndb": [{"lastseen": "2021-02-15T21:55:22", "description": "\n", "cvss3": {}, "published": "2017-01-26T00:00:00", "type": "wpvulndb", "title": "WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-5610"], "modified": "2020-09-22T07:18:03", "id": "WPVDB-ID:C448E613-6714-4AD7-864F-77659B4DA893", "href": "https://wpscan.com/vulnerability/c448e613-6714-4ad7-864f-77659b4da893", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-15T21:55:23", "description": "\n", "cvss3": {}, "published": "2017-01-26T00:00:00", "type": "wpvulndb", "title": "WordPress 3.5-4.7.1 - WP_Query SQL Injection", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-5611"], "modified": "2020-09-22T07:18:04", "id": "WPVDB-ID:481E3398-ED2E-460A-AF67-FF58027901D1", "href": "https://wpscan.com/vulnerability/481e3398-ed2e-460a-af67-ff58027901d1", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-15T21:55:11", "description": "\n", "cvss3": {}, "published": "2017-01-26T00:00:00", "type": "wpvulndb", "title": "WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-5612"], "modified": "2020-09-22T07:18:06", "id": "WPVDB-ID:E99E456E-375A-4475-8070-229BC0E30C65", "href": "https://wpscan.com/vulnerability/e99e456e-375a-4475-8070-229bc0e30c65", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:44:18", "description": "wp-admin/includes/class-wp-press-this.php in Press This in WordPress before\n4.7.2 does not properly restrict visibility of a taxonomy-assignment user\ninterface, which allows remote attackers to bypass intended access\nrestrictions by reading terms.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-30T00:00:00", "type": "ubuntucve", "title": "CVE-2017-5610", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5610"], "modified": "2017-01-30T00:00:00", "id": "UB:CVE-2017-5610", "href": "https://ubuntu.com/security/CVE-2017-5610", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-22T21:44:18", "description": "SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query\nin WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL\ncommands by leveraging the presence of an affected plugin or theme that\nmishandles a crafted post type name.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-01-30T00:00:00", "type": "ubuntucve", "title": "CVE-2017-5611", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5611"], "modified": "2017-01-30T00:00:00", "id": "UB:CVE-2017-5611", "href": "https://ubuntu.com/security/CVE-2017-5611", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:44:18", "description": "Cross-site scripting (XSS) vulnerability in\nwp-admin/includes/class-wp-posts-list-table.php in the posts list table in\nWordPress before 4.7.2 allows remote attackers to inject arbitrary web\nscript or HTML via a crafted excerpt.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2017-01-30T00:00:00", "type": "ubuntucve", "title": "CVE-2017-5612", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5612"], "modified": "2017-01-30T00:00:00", "id": "UB:CVE-2017-5612", "href": "https://ubuntu.com/security/CVE-2017-5612", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-06-07T06:02:37", "description": "wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2017-01-30T04:59:00", "type": "debiancve", "title": "CVE-2017-5610", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5610"], "modified": "2017-01-30T04:59:00", "id": "DEBIANCVE:CVE-2017-5610", "href": "https://security-tracker.debian.org/tracker/CVE-2017-5610", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-07T06:02:37", "description": "SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-30T04:59:00", "type": "debiancve", "title": "CVE-2017-5611", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5611"], "modified": "2017-01-30T04:59:00", "id": "DEBIANCVE:CVE-2017-5611", "href": "https://security-tracker.debian.org/tracker/CVE-2017-5611", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-07T06:02:37", "description": "Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-01-30T04:59:00", "type": "debiancve", "title": "CVE-2017-5612", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5612"], "modified": "2017-01-30T04:59:00", "id": "DEBIANCVE:CVE-2017-5612", "href": "https://security-tracker.debian.org/tracker/CVE-2017-5612", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T17:53:25", "description": "wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2017-01-30T04:59:00", "type": "cve", "title": "CVE-2017-5610", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5610"], "modified": "2019-03-19T14:37:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:wordpress:wordpress:4.7.1"], "id": "CVE-2017-5610", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5610", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:wordpress:wordpress:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:53:26", "description": "SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-30T04:59:00", "type": "cve", "title": "CVE-2017-5611", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5611"], "modified": "2021-01-30T02:37:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:data_integrator:12.2.1.3.0", "cpe:/a:oracle:data_integrator:12.2.1.4.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:wordpress:wordpress:4.7.1", "cpe:/a:oracle:data_integrator:11.1.1.9.0"], "id": "CVE-2017-5611", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5611", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:wordpress:wordpress:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:data_integrator:11.1.1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:53:28", "description": "Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-01-30T04:59:00", "type": "cve", "title": "CVE-2017-5612", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5612"], "modified": "2019-03-19T12:27:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:wordpress:wordpress:4.7.1"], "id": "CVE-2017-5612", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5612", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:wordpress:wordpress:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2022-06-05T04:59:40", "description": "SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-30T00:00:00", "type": "attackerkb", "title": "CVE-2017-5611", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5611"], "modified": "2021-01-31T00:00:00", "id": "AKB:98A3F611-8E80-4158-88A2-63AC3A5CFC0A", "href": "https://attackerkb.com/topics/66jOveFUBG/cve-2017-5611", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2021-10-22T15:44:15", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 329 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2739494.1>).\n\n**Please note that since the release of the October 2020 Critical Patch Update, Oracle has released a Security Alert for Oracle WebLogic Server: [CVE-2020-14750 (November 1, 2020)](<https://www.oracle.com/security-alerts/alert-cve-2020-14750.html>). Customers are strongly advised to apply this Critical Patch Update, which includes patches for this Alert as well as additional patches.**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-19T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2098", "CVE-2015-4000", "CVE-2015-8965", "CVE-2016-1000031", "CVE-2016-5725", "CVE-2017-12626", "CVE-2017-5611", "CVE-2017-5645", "CVE-2017-8028", "CVE-2018-0732", "CVE-2018-10237", "CVE-2018-11775", "CVE-2018-1258", "CVE-2018-1285", "CVE-2018-15756", "CVE-2018-20781", "CVE-2018-2587", "CVE-2018-7318", "CVE-2018-8032", "CVE-2018-9019", "CVE-2019-0188", "CVE-2019-0227", "CVE-2019-0230", "CVE-2019-0233", "CVE-2019-10086", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11135", "CVE-2019-11269", "CVE-2019-11358", "CVE-2019-12399", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-13990", "CVE-2019-14862", "CVE-2019-1551", "CVE-2019-1559", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17563", "CVE-2019-17566", "CVE-2019-17569", "CVE-2019-20892", "CVE-2019-20907", "CVE-2019-2697", "CVE-2019-3773", "CVE-2019-3778", "CVE-2019-5427", "CVE-2019-7164", "CVE-2019-7548", "CVE-2019-9511", "CVE-2019-9513", "CVE-2020-10531", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10725", "CVE-2020-10726", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11612", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11979", "CVE-2020-11984", "CVE-2020-11985", "CVE-2020-11993", "CVE-2020-11994", "CVE-2020-11996", "CVE-2020-11998", "CVE-2020-12723", "CVE-2020-13254", "CVE-2020-13596", "CVE-2020-13871", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13954", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14147", "CVE-2020-14195", "CVE-2020-14422", "CVE-2020-14750", "CVE-2020-14756", "CVE-2020-14803", "CVE-2020-15025", "CVE-2020-15358", "CVE-2020-17498", "CVE-2020-17521", "CVE-2020-17530", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1945", "CVE-2020-1967", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24583", "CVE-2020-24584", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-25020", "CVE-2020-2555", "CVE-2020-25862", "CVE-2020-25863", "CVE-2020-25866", "CVE-2020-26575", "CVE-2020-27216", "CVE-2020-35460", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-5421", "CVE-2020-7064", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8265", "CVE-2020-8277", "CVE-2020-8287", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2021-1993", "CVE-2021-1994", "CVE-2021-1995", "CVE-2021-1996", "CVE-2021-1997", "CVE-2021-1998", "CVE-2021-1999", "CVE-2021-2000", "CVE-2021-2001", "CVE-2021-2002", "CVE-2021-2003", "CVE-2021-2004", "CVE-2021-2005", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2013", "CVE-2021-2014", "CVE-2021-2015", "CVE-2021-2016", "CVE-2021-2017", "CVE-2021-2018", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2023", "CVE-2021-2024", "CVE-2021-2025", "CVE-2021-2026", "CVE-2021-2027", "CVE-2021-2028", "CVE-2021-2029", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2033", "CVE-2021-2034", "CVE-2021-2035", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2039", "CVE-2021-2040", "CVE-2021-2041", "CVE-2021-2042", "CVE-2021-2043", "CVE-2021-2044", "CVE-2021-2045", "CVE-2021-2046", "CVE-2021-2047", "CVE-2021-2048", "CVE-2021-2049", "CVE-2021-2050", "CVE-2021-2051", "CVE-2021-2052", "CVE-2021-2054", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2057", "CVE-2021-2058", "CVE-2021-2059", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2062", "CVE-2021-2063", "CVE-2021-2064", "CVE-2021-2065", "CVE-2021-2066", "CVE-2021-2067", "CVE-2021-2068", "CVE-2021-2069", "CVE-2021-2070", "CVE-2021-2071", "CVE-2021-2072", "CVE-2021-2073", "CVE-2021-2074", "CVE-2021-2075", "CVE-2021-2076", "CVE-2021-2077", "CVE-2021-2078", "CVE-2021-2079", "CVE-2021-2080", "CVE-2021-2081", "CVE-2021-2082", "CVE-2021-2083", "CVE-2021-2084", "CVE-2021-2085", "CVE-2021-2086", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2089", "CVE-2021-2090", "CVE-2021-2091", "CVE-2021-2092", "CVE-2021-2093", "CVE-2021-2094", "CVE-2021-2096", "CVE-2021-2097", "CVE-2021-2098", "CVE-2021-2099", "CVE-2021-2100", "CVE-2021-2101", "CVE-2021-2102", "CVE-2021-2103", "CVE-2021-2104", "CVE-2021-2105", "CVE-2021-2106", "CVE-2021-2107", "CVE-2021-2108", "CVE-2021-2109", "CVE-2021-2110", "CVE-2021-2111", "CVE-2021-2112", "CVE-2021-2113", "CVE-2021-2114", "CVE-2021-2115", "CVE-2021-2116", "CVE-2021-2117", "CVE-2021-2118", "CVE-2021-2119", "CVE-2021-2120", "CVE-2021-2121", "CVE-2021-2122", "CVE-2021-2123", "CVE-2021-2124", "CVE-2021-2125", "CVE-2021-2126", "CVE-2021-2127", "CVE-2021-2128", "CVE-2021-2129", "CVE-2021-2130", "CVE-2021-2131"], "modified": "2021-02-22T00:00:00", "id": "ORACLE:CPUJAN2021", "href": "https://www.oracle.com/security-alerts/cpujan2021.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}

[SECURITY] Fedora 25 Update: wordpress-4.7.2-1.fc25

Description

Affected Package

Related