WordPress 4.5.x < 4.5.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS via wp-mail.php post by email. - An open redirect in wpnonceays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...

WP < 6.0.3 - Email Address Disclosure via wp-mail.php

Description WordPress discloses the sender's email address via wp-mail.php...

WP < 6.0.3 - Stored XSS via wp-mail.php

Description WordPress does not properly sanitize some parameters when receiving a post by email, which could lead to Stored Cross-Site Scripting issue...

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability via wp-mail.php discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in WordPress core versions = 6.0.2 Solution Update the WordPress to the latest available version at least 6.0.3...

WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability

Sender’s Email Address Exposure vulnerability via wp-mail.php was discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in the WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...

WP < 6.0.3 - Stored XSS via wp-mail.php

WordPress does not properly sanitize some parameters when receiving a post by email, which could lead to Stored Cross-Site Scripting issue...

WordPress 3.9.x < 3.9.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...

DEBIAN-CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name...

CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name...

CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name...