Vulnerabilities > Wordpress > Wordpress > 4.7.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-12 | CVE-2017-6817 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | 3.5 |
2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in Wordpress In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | 5.5 |
2017-03-12 | CVE-2017-6815 | Improper Input Validation vulnerability in Wordpress In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | 5.8 |
2017-03-12 | CVE-2017-6814 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. | 3.5 |