Wordpress : Security Vulnerabilities Published In 2017 (CSRF)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-9064 |
352 |
|
CSRF |
2017-05-18 |
2019-03-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. |
2 |
CVE-2017-6819 |
352 |
|
CSRF |
2017-03-12 |
2019-03-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This. |
3 |
CVE-2017-5492 |
352 |
|
CSRF |
2017-01-15 |
2017-11-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. |
4 |
CVE-2017-5489 |
352 |
|
CSRF |
2017-01-15 |
2017-11-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. |
5 |
CVE-2016-6897 |
352 |
|
CSRF |
2017-01-18 |
2017-09-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. |
Total number of vulnerabilities :
5
Page :
1
(This Page)