Latest Wordpress Wordpress 4 6 8 Security Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2017-01-15 | CVE-2017-5490 | Cross-Site Scripting vulnerability in WordPress | 4.3
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
network, wordpress, CWE-79, nessus

2017-01-15 | CVE-2017-5489 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress | 6.8
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
network, wordpress, CWE-352, nessus

2017-01-15 | CVE-2017-5488 | Cross-Site Scripting vulnerability in WordPress | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
network, wordpress, CWE-79, nessus

2017-01-15 | CVE-2017-5487 | Information Exposure vulnerability in WordPress | 5.0
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
network, low complexity, wordpress, CWE-200, nessus, exploit available