Max CVSS 6.8 Min CVSS 4.3 Total Count6
IDCVSSSummaryLast (major) updatePublished
CVE-2017-9066 5.0
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
18-05-2017 - 10:29 18-05-2017 - 10:29
CVE-2017-9065 5.0
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
18-05-2017 - 10:29 18-05-2017 - 10:29
CVE-2017-9064 6.8
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
18-05-2017 - 10:29 18-05-2017 - 10:29
CVE-2017-9063 4.3
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
18-05-2017 - 10:29 18-05-2017 - 10:29
CVE-2017-9062 5.0
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
18-05-2017 - 10:29 18-05-2017 - 10:29
CVE-2017-9061 4.3
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
18-05-2017 - 10:29 18-05-2017 - 10:29
Back to Top Mark selected
Back to Top