Lucene search
K

15 matches found

Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.294 views

WordPress REST API Content Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API Content Injection', 'Description' = %q This module exploits a content injection vulnerability in WordPress versions 4.7 and...

7.4AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2021/06/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-1001000

The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5CVSS7.3AI score0.81848EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.35 views

WordPress 4.6.x < 4.6.3 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.33 views

WordPress 4.7.x < 4.7.2 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.39 views

WordPress 4.5.x < 4.5.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.37 views

WordPress 3.8.x < 3.8.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.31 views

WordPress 4.2.x < 4.2.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.36 views

WordPress 4.4.x < 4.4.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.23 views

WordPress 4.0.x < 4.0.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.31 views

WordPress 3.7.x < 3.7.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

9.8CVSS9AI score0.81848EPSS
Exploits0References6
Nmap
Nmap
added 2017/06/01 7:8 p.m.833 views

http-vuln-cve2017-1001000 NSE Script

Attempts to detect a privilege escalation vulnerability in Wordpress 4.7.0 and 4.7.1 that allows unauthenticated users to inject content in posts. The script connects to the Wordpress REST API to obtain the list of published posts and grabs the user id and date from there. Then it attempts to...

10CVSS0.99448EPSS
Exploits33
NVD
NVD
added 2017/04/03 1:59 a.m.33 views

CVE-2017-1001000

The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5CVSS7.9AI score0.81848EPSS
Exploits0References9
Metasploit
Metasploit
added 2017/02/06 10:40 a.m.54 views

WordPress REST API Content Injection

This module exploits a content injection vulnerability in WordPress versions 4.7 and 4.7.1 via type juggling in the REST API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API...

7.6AI score
Exploits0
OpenVAS
OpenVAS
added 2017/02/02 12:0 a.m.41 views

WordPress < 4.7.2 Multiple Security Vulnerabilities - Linux

WordPress is prone to multiple security vulnerabilities because it fails to sanitize user-supplied input. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.8CVSS7.9AI score0.81848EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/01/31 12:0 a.m.150 views

WordPress < 4.7.2 Multiple Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.2. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly...

9.8CVSS6.8AI score0.81848EPSS
Exploits0References6
Rows per page
Query Builder