4929 matches found

WPVulnDB
added 2017/02/01 12:0 a.m., 38 views

WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API

...

CVSS 5, AI score 8.5, EPSS 0.78934
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2017/01/31 12:0 a.m., 148 views

WordPress < 4.7.2 Multiple Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.2. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly...

CVSS 9.8, AI score 6.8, EPSS 0.78934
Exploits 0, References 6

Tenable Nessus
added 2017/01/30 12:0 a.m., 38 views

FreeBSD : wordpress -- multiple vulnerabilities (14ea4458-e5cd-11e6-b56d-38d547003487)

Aaron D. Campbell reports: WordPress versions 4.7.1 and earlier are affected by three security issues: - The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. - WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe dat...

CVSS 9.8, AI score 6.4, EPSS 0.12378
Exploits 0, References 7

FreeBSD
added 2017/01/26 12:0 a.m., 68 views

wordpress -- multiple vulnerabilities

Aaron D. Campbell reports: WordPress versions 4.7.1 and earlier are affected by three security issues: - The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. - WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data...

CVSS 5.3, AI score 8.2, EPSS 0.0086
Exploits 0, References 3

OpenVAS
added 2017/01/24 12:0 a.m., 48 views

Splunk Enterprise HTTP Request Injection Vulnerability (SP-CAAAPSR)

Splunk Enterprise is prone to an HTTP request injection vulnerability...

CVSS 10, AI score 9.6, EPSS 0.01373
Exploits 0, References 1

Debian
added 2017/01/23 7:39 a.m., 84 views

[BSA-114] Security update for wordpress

Craig Small [email protected] uploaded new packages for wordpress which fixed the following security problems: CVE-2016-10066, CVE-2016-10045 Potential Remote Command Execution (RCE) in PHPMailer; CVE-2017-5488 Authenticated Cross-Site scripting (XSS) in update-core.php; CVE-2017-5490 Stored Cross-Site...

CVSS 9.8, AI score 6.9, EPSS 0.93108
Exploits 26

Tenable Nessus
added 2017/01/23 12:0 a.m., 25 views

Fedora 24 : wordpress (2017-01c3288bef)

WordPress 4.7.1 Security and Maintenance Release. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues: - Remote code execution (RCE) in PHPMailer No specific iss...

AI score 6
Exploits 0, References 3

Hacker One
added 2017/01/21 3:54 p.m., 22 views

Mail.ru: SSRF on https://target.my.com/

SSRF via submitting URL redirecting to internal resource to REST API method of target.my.com. target.my.com is not currently in the Bug Bounty scope, bounty was issued due to potential impact on different services and infrastructure...

AI score 6.9
Exploits 0

Tenable Nessus
added 2017/01/18 12:0 a.m., 324 views

WordPress < 4.7.1 Multiple Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.1. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to...

CVSS 9.8, AI score 8, EPSS 0.94418
Exploits 66, References 13

NVD
added 2017/01/15 2:59 a.m., 18 views

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3, AI score 6, EPSS 0.92497
Exploits 7, References 9

OSV
added 2017/01/15 2:59 a.m., 22 views

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3, AI score 6.2
Exploits 0, References 9

OSV
added 2017/01/15 2:59 a.m., 6 views

DEBIAN-CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3, AI score 6.4, EPSS 0.92497
Exploits 7, References 1

Prion
added 2017/01/15 2:59 a.m., 22 views

Cross site request forgery (csrf)

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5, AI score 5.1, EPSS 0.92497
Exploits 7, References 9, Affected Software 1

CVE
added 2017/01/15 2:0 a.m., 1138 views

CVE-2017-5487

CVE-2017-5487 affects WordPress 4.7.x prior to 4.7.1. The REST API endpoint wp-json/wp/v2/users does not properly restrict author listings, allowing unauthenticated remote access to usernames and related information. Root cause: insufficient access control on author listings in the REST API. Impa...

CVSS 5.3, AI score 6.5, EPSS 0.92497
Exploits 7, References 9, Affected Software 1

Debian CVE
added 2017/01/15 2:0 a.m., 39 views

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVSS 5.3, AI score 6.8, EPSS 0.92497
Exploits 7

Hacker One
added 2017/01/12 4:42 p.m., 47 views

Nextcloud: User Information Disclosure via REST API

Hello, I found out that you are using WP 4.6.2 on your domain which is outdated. https://nextcloud.com/readme.html Description:- WordPress versions 4.7 and earlier are affected by multiple security issues. Kindly check https://wpvulndb.com/wordpresses/462 for the vulnerabilities and in detailed...

AI score 1.1
Exploits 0

Hacker One
added 2017/01/12 10:20 a.m., 88 views

ownCloud: User Information Disclosure via REST API

Hello, REST-API, allows anonymous access to functionality that allows a hacker to list all users who have published a post on a WordPress site. Unfortunately, this generally includes the admin account POC: https://owncloud.com/wp-json/wp/v2/users/ https://owncloud.com/wp-json/wp/v2/users/1/ Kind...

AI score 2.9
Exploits 0

WPVulnDB
added 2017/01/11 12:0 a.m., 73 views

WordPress 4.7 - User Information Disclosure via REST API

PoC http://www.example.com/wp-json/wp/v2/users...

CVSS 5, AI score 7.3, EPSS 0.92497
Exploits 7, References 3, Affected Software 1

wpexploit
added 2017/01/11 12:0 a.m., 120 views

WordPress 4.7 - User Information Disclosure via REST API

http://www.example.com/wp-json/wp/v2/users...

CVSS 5, AI score 7.7, EPSS 0.92497
Exploits 7, References 3

NVD
added 2017/01/10 11:59 a.m., 21 views

CVE-2016-10126

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...

CVSS 10, AI score 9.4, EPSS 0.01373
Exploits 0, References 2