Wordpress: >> Wordpress >> 2.6.2 Security Vulnerabilities
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
CVSS Score
8.8
EPSS Score
0.047
Published
2017-12-02
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.
CVSS Score
5.4
EPSS Score
0.021
Published
2017-12-02
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
CVSS Score
5.4
EPSS Score
0.056
Published
2017-12-02
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.
CVSS Score
5.4
EPSS Score
0.059
Published
2017-12-02
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
CVSS Score
9.8
EPSS Score
0.044
Published
2017-11-02
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-10-19
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
CVSS Score
4.7
EPSS Score
0.017
Published
2017-10-12
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
CVSS Score
6.1
EPSS Score
0.026
Published
2017-09-23
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
CVSS Score
6.1
EPSS Score
0.026
Published
2017-09-23
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
CVSS Score
6.1
EPSS Score
0.026
Published
2017-09-23