Latest Wordpress Wordpress 4 6 8 Security Vulnerabilities
|2017-01-15||CVE-2017-5490|| Cross-Site Scripting vulnerability in Wordpress |
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
|2017-01-15||CVE-2017-5489|| Cross-Site Request Forgery (CSRF) vulnerability in Wordpress |
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
|2017-01-15||CVE-2017-5488|| Cross-Site Scripting vulnerability in Wordpress |
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
|2017-01-15||CVE-2017-5487|| Information Exposure vulnerability in Wordpress |
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.