Lucene search
K

12 matches found

Packet Storm
Packet Storm
added 2021/10/25 12:0 a.m.410 views

WordPress 4.9.6 Arbitrary File Deletion

Exploit Title: Wordpress 4.9.6 - Arbitrary File Deletion Authenticated 2 Date: 04/08/2021 Exploit Author: samguy Vulnerability Discovery By: Slavco Mihajloski & Karim El Ouerghemmi Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/wordpress-4.9.6.tar.gz Version: 4.9.6...

8.8CVSS7.9AI score0.62558EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.38 views

Fedora 28 : wordpress (2018-623df1e98d)

Update to 4.9.7 security release. https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-mainte nance-release/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

8.8CVSS7.4AI score0.62558EPSS
Exploits4References3
OpenVAS
OpenVAS
added 2019/01/01 12:0 a.m.31 views

Fedora Update for wordpress FEDORA-2018-e69d2aaa60

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.62558EPSS
Exploits4References2
Debian
Debian
added 2018/07/30 12:19 a.m.43 views

[SECURITY] [DLA 1452-1] wordpress security update

Package : wordpress Version : 4.1+dfsg-1+deb8u18 CVE ID : CVE-2016-5836 CVE-2018-12895 Debian Bug : 902876 Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2016-5836 The oEmbed protocol...

8.8CVSS8.8AI score0.62558EPSS
Exploits4
OpenVAS
OpenVAS
added 2018/07/29 12:0 a.m.45 views

Debian: Security Advisory (DLA-1452-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.62558EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2018/07/24 12:0 a.m.84 views

WordPress < 4.9.7 Arbitrary File Deletion Vulnerability

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.9.7. It is, therefore, affected by an arbitrary file deletion vulnerability that can lead to remote code execution. C Tenable Network Security, Inc. include'compat.inc'; if...

8.8CVSS8.1AI score0.62558EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2018/07/24 12:0 a.m.39 views

Fedora 27 : wordpress (2018-8fc2cb8cb0)

Update to 4.9.7 security release. https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-mainte nance-release/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

8.8CVSS7.4AI score0.62558EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2018/07/20 12:0 a.m.43 views

Debian DSA-4250-1 : wordpress - security update

A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4250. The text itse...

8.8CVSS7.6AI score0.62558EPSS
Exploits4References5
Debian
Debian
added 2018/07/18 7:47 a.m.45 views

[SECURITY] [DSA 4250-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4250-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 18, 2018 https://www.debian.org/security/faq -...

8.8CVSS7.9AI score0.62558EPSS
Exploits4
OpenVAS
OpenVAS
added 2018/07/17 12:0 a.m.58 views

Debian: Security Advisory (DSA-4250-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.62558EPSS
Exploits4References4
OSV
OSV
added 2018/06/26 8:29 p.m.23 views

CVE-2018-12895

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...

8.8CVSS8.9AI score
Exploits0References6
CVE
CVE
added 2018/06/26 8:0 p.m.298 views

CVE-2018-12895

CVE-2018-12895 affects WordPress up to version 4.9.6. An Author (needs files and posts capabilities) can trigger directory traversal via the thumb parameter in wp-admin/post.php, causing the PHP unlink call to delete wp-config.php through a missing filename validation in wp-includes/post.php wp_d...

8.8CVSS8AI score0.62558EPSS
Exploits4References6Affected Software1
Rows per page
Query Builder