CVE-2017-1001000

Public exploit
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.
Max CVSS
7.5
EPSS Score
60.67%
Published
2017-04-03
Updated
2019-10-03
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
Max CVSS
8.8
EPSS Score
0.37%
Published
2017-12-02
Updated
2019-10-03
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
Max CVSS
9.8
EPSS Score
0.39%
Published
2017-11-02
Updated
2018-02-04
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Max CVSS
9.8
EPSS Score
0.38%
Published
2017-09-23
Updated
2017-11-10
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Max CVSS
7.5
EPSS Score
0.30%
Published
2017-09-23
Updated
2017-11-10
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Max CVSS
7.5
EPSS Score
0.47%
Published
2017-09-23
Updated
2017-11-10
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
Max CVSS
8.6
EPSS Score
1.08%
Published
2017-05-18
Updated
2019-03-15
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
Max CVSS
7.5
EPSS Score
0.77%
Published
2017-05-18
Updated
2019-03-15
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-05-18
Updated
2019-03-15
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Max CVSS
8.6
EPSS Score
0.62%
Published
2017-05-18
Updated
2019-10-03
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Max CVSS
9.8
EPSS Score
0.32%
Published
2017-01-30
Updated
2021-01-30
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Max CVSS
7.5
EPSS Score
0.66%
Published
2017-01-15
Updated
2019-10-03
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.
Max CVSS
8.8
EPSS Score
0.28%
Published
2017-01-15
Updated
2017-11-04
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
Max CVSS
8.8
EPSS Score
0.27%
Published
2017-01-15
Updated
2017-11-04
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
Max CVSS
7.1
EPSS Score
32.65%
Published
2017-01-18
Updated
2017-09-03
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
Max CVSS
7.5
EPSS Score
0.15%
Published
2017-10-19
Updated
2017-11-13
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!