Security Vulnerabilities - CVEs Published In September 2017
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
CVSS Score
6.1
EPSS Score
0.026
Published
2017-09-23
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
CVSS Score
7.5
EPSS Score
0.305
Published
2017-09-23
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
CVSS Score
9.8
EPSS Score
0.132
Published
2017-09-23
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
CVSS Score
6.1
EPSS Score
0.077
Published
2017-09-23
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
CVSS Score
5.4
EPSS Score
0.042
Published
2017-09-23
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
CVSS Score
6.1
EPSS Score
0.074
Published
2017-09-23
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-09-23
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.".
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-22
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2017-09-22
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-09-22