| CVE-2017-6819 |
Medium |
Yes |
Cross-site request forgery |
A cross-site request forgery (CSRF) vulnerability exists on the Press This page of WordPress. This issue can be used to create a Denial of Service (DoS)... |
| CVE-2017-6818 |
Medium |
Yes |
Cross-site scripting |
A cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 (wp-admin/js/tags-box.js) via taxonomy term names. |
| CVE-2017-6817 |
Medium |
Yes |
Cross-site scripting |
An authenticated cross-site scripting (XSS) vulnerability has been discovered in in WordPress before 4.7.3 (wp-includes/embed.php) via YouTube URL Embeds. |
| CVE-2017-6816 |
Medium |
Yes |
Insufficient validation |
It has been discovered that unintended files can be deleted by administrators in WordPress before 4.7.3 (wp-admin/plugins.php) using the plugin deletion... |
| CVE-2017-6815 |
Medium |
Yes |
Insufficient validation |
A vulnerability has been discovered in WordPress before 4.7.3 (wp- includes/pluggable.php) that certain control characters can trick redirect URL validation. |
| CVE-2017-6814 |
Medium |
Yes |
Cross-site scripting |
An authenticated cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 via Media File Metadata. This is demonstrated by... |