Wordpress : Security Vulnerabilities, CVEs, Published In January 2017 (XSS)
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
Max CVSS
6.1
EPSS Score
0.23%
Published
2017-01-30
Updated
2019-03-19
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
Max CVSS
6.1
EPSS Score
0.47%
Published
2017-01-15
Updated
2017-11-04
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
Max CVSS
6.1
EPSS Score
0.48%
Published
2017-01-15
Updated
2017-11-04
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.
Max CVSS
4.8
EPSS Score
0.36%
Published
2017-01-05
Updated
2017-11-04
4 vulnerabilities found