Wordpress : Security Vulnerabilities, CVEs, Published In January 2017 (XSS)

CVE-2017-5612

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
Max CVSS
6.1
EPSS Score
0.23%
Published
2017-01-30
Updated
2019-03-19

CVE-2017-5490

Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
Max CVSS
6.1
EPSS Score
0.47%
Published
2017-01-15
Updated
2017-11-04

CVE-2017-5488

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
Max CVSS
6.1
EPSS Score
0.48%
Published
2017-01-15
Updated
2017-11-04

CVE-2016-7168

Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.
Max CVSS
4.8
EPSS Score
0.36%
Published
2017-01-05
Updated
2017-11-04
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close