400 matches found
DEBIAN-CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
Directory traversal
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
UBUNTU-CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename...
wordpress -- multiple issues
wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before versi...
WordPress customizer plugin path traversal vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in the WordPress customizer plugin. Allowing a remote attacker to exploit the...
WordPress <=4.8.1 - Path traversal vulnerability (customizer)
Path traversal vulnerability found by Weston Ruter of the WordPress Security Team in WordPress customizer version 4.8.1 and earlier versions. Solution Update the WordPress to the latest available version at least 4.8.2...
Fedora 26 : wordpress (2017-fe7c3c9c30)
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues : - Insufficient redirect validation in the HTTP class. Reported by Ronni...
CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability related to the Customizer exists, involving an invalid customization session...
Cross site scripting
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability related to the Customizer exists, involving an invalid customization session...
CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability related to the Customizer exists, involving an invalid customization session...
CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability related to the Customizer exists, involving an invalid customization session...
UBUNTU-CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability related to the Customizer exists, involving an invalid customization session...
DEBIAN-CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability related to the Customizer exists, involving an invalid customization session...
CVE-2017-9063
CVE-2017-9063 affects WordPress before 4.7.5 and is a stored XSS in the Customizer due to an invalid customization session. Impact: potential script execution in users’ browsers. remediation: upgrade WordPress to 4.7.5 or later. Notes from connected docs confirm the issue details and version boun...
CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability related to the Customizer exists, involving an invalid customization session...