| CVE-2017-5493 |
Low |
Yes |
Insufficient validation |
An insufficient validation vulnerability has been discovered in wordpress leading to weak cryptographic security for multisite activation key. |
| CVE-2017-5492 |
Medium |
Yes |
Cross-site request forgery |
A cross-site request forgery (CSRF) vulnerability has been discovered in wordpress in the accessibility mode of widget editing. |
| CVE-2017-5491 |
Low |
Yes |
Access restriction bypass |
A vulnerability has been discovered in wordpress allowing to post via email as it checks for mail.example.com if default settings aren't changed. |
| CVE-2017-5490 |
High |
Yes |
Cross-site scripting |
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via theme name fallback. |
| CVE-2017-5489 |
Medium |
Yes |
Cross-site request forgery |
A cross-site request forgery (CSRF) bypass has been discovered in wordpress via uploading a Flash file. |
| CVE-2017-5488 |
High |
Yes |
Cross-site scripting |
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via the plugin name or version header on update-core.php. |
| CVE-2017-5487 |
Medium |
Yes |
Access restriction bypass |
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress... |
| CVE-2016-10045 |
High |
Yes |
Arbitrary code execution |
It has been discovered that the first patch of the vulnerability CVE-2016-10033 in PHPMailer was incomplete and could potentially still be used by... |
| CVE-2016-10033 |
High |
Yes |
Arbitrary code execution |
A vulnerability has been discovered in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code... |