WordPress 3.8.x < 3.8.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A DOM-based cross-site scripting XSS vulnerability exists in the uploadSizeError function within file wp-includes/js/plupload/handlers.js when handling overly large file...

[SECURITY] [DLA 975-1] wordpress security update

Package : wordpress Version : 3.6.1+dfsg-1deb7u15 CVE ID : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065 Debian Bug : 862053 862816 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project...

Debian DSA-3870-1 : wordpress - security update

Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

WordPress < 4.7.5 Multiple Vulnerabilities

Binary data 700121.prm...

CVE-2017-9062

Concisely: CVE-2017-9062 affects WordPress versions prior to 4.7.5, caused by improper handling of post meta data in the XML-RPC API. The underlying issue is in the set_custom_fields() path of wp-xmlrpc-server.php, which handles post meta data without sufficient validation. The vulnerability can ...