12 matches found
WordPress 4.9.6 Arbitrary File Deletion
Exploit Title: Wordpress 4.9.6 - Arbitrary File Deletion Authenticated 2 Date: 04/08/2021 Exploit Author: samguy Vulnerability Discovery By: Slavco Mihajloski & Karim El Ouerghemmi Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/wordpress-4.9.6.tar.gz Version: 4.9.6...
Fedora 28 : wordpress (2018-623df1e98d)
Update to 4.9.7 security release. https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-mainte nance-release/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
Fedora Update for wordpress FEDORA-2018-e69d2aaa60
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1452-1] wordpress security update
Package : wordpress Version : 4.1+dfsg-1+deb8u18 CVE ID : CVE-2016-5836 CVE-2018-12895 Debian Bug : 902876 Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2016-5836 The oEmbed protocol...
Debian: Security Advisory (DLA-1452-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress < 4.9.7 Arbitrary File Deletion Vulnerability
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.9.7. It is, therefore, affected by an arbitrary file deletion vulnerability that can lead to remote code execution. C Tenable Network Security, Inc. include'compat.inc'; if...
Fedora 27 : wordpress (2018-8fc2cb8cb0)
Update to 4.9.7 security release. https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-mainte nance-release/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
Debian DSA-4250-1 : wordpress - security update
A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4250. The text itse...
[SECURITY] [DSA 4250-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4250-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 18, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4250-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-12895
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...
CVE-2018-12895
CVE-2018-12895 affects WordPress up to version 4.9.6. An Author (needs files and posts capabilities) can trigger directory traversal via the thumb parameter in wp-admin/post.php, causing the PHP unlink call to delete wp-config.php through a missing filename validation in wp-includes/post.php wp_d...