| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-9062 | 5.0 |
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
|
03-10-2019 - 00:03 | 18-05-2017 - 14:29 | |
| CVE-2017-9061 | 4.3 |
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
|
15-03-2019 - 13:12 | 18-05-2017 - 14:29 | |
| CVE-2017-9063 | 4.3 |
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
|
15-03-2019 - 13:05 | 18-05-2017 - 14:29 | |
| CVE-2017-9064 | 6.8 |
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
|
15-03-2019 - 12:35 | 18-05-2017 - 14:29 | |
| CVE-2017-9065 | 5.0 |
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
|
15-03-2019 - 11:54 | 18-05-2017 - 14:29 | |
| CVE-2017-8295 | 4.3 |
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for th
|
04-11-2017 - 01:29 | 04-05-2017 - 14:29 |