6 matches found
WordPress 3.8.x < 3.8.21 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A DOM-based cross-site scripting XSS vulnerability exists in the uploadSizeError function within file wp-includes/js/plupload/handlers.js when handling overly large file...
[SECURITY] [DLA 975-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u15 CVE ID : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065 Debian Bug : 862053 862816 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project...
Debian DSA-3870-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
WordPress < 4.7.5 Multiple Vulnerabilities
Binary data 700121.prm...
CVE-2017-9061
CVE-2017-9061 is an XSS vulnerability in WordPress before 4.7.5 related to very large file uploads. The root cause is improper restriction of the filename in error messages returned during upload handling, enabling DOM-based script injection. Affected software: WordPress prior to 4.7.5 (WordPress...
CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...