Lucene search

FreeBSDA48D4478-E23F-4085-8AE4-6B3A7B6F016B

HistorySep 23, 2017 - 12:00 a.m.

wordpress -- multiple issues

2017-09-2300:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

75.9%

JSON

wordpress developers report:

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchwordpress< 4.8.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	wordpress	< 4.8.2	UNKNOWN

References

www.securityfocus.com/bid/100912

core.trac.wordpress.org/changeset/41393

core.trac.wordpress.org/changeset/41395

core.trac.wordpress.org/changeset/41397

core.trac.wordpress.org/changeset/41412

core.trac.wordpress.org/changeset/41448

core.trac.wordpress.org/changeset/41457

wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

wpvulndb.com/vulnerabilities/8911

wpvulndb.com/vulnerabilities/8912

wpvulndb.com/vulnerabilities/8913

wpvulndb.com/vulnerabilities/8914

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for A48D4478-E23F-4085-8AE4-6B3A7B6F016B