AVG-202

Package wordpress
Status Fixed
Severity Medium
Type multiple issues
Affected 4.7.2-1
Fixed 4.7.3-1
Current 4.9.6-1 [community]
Ticket None
Created Mon Mar 13 14:09:59 2017
Issue Severity Remote Type Description
CVE-2017-6819 Medium Yes Cross-site request forgery
A cross-site request forgery (CSRF) vulnerability exists on the Press This page of WordPress. This issue can be used to create a Denial of Service (DoS)...
CVE-2017-6818 Medium Yes Cross-site scripting
A cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 (wp-admin/js/tags-box.js) via taxonomy term names.
CVE-2017-6817 Medium Yes Cross-site scripting
An authenticated cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 (wp-includes/embed.php) via YouTube URL Embeds.
CVE-2017-6816 Medium Yes Insufficient validation
It has been discovered that unintended files can be deleted by administrators in WordPress before 4.7.3 (wp-admin/plugins.php) using the plugin deletion...
CVE-2017-6815 Medium Yes Insufficient validation
A vulnerability has been discovered in WordPress before 4.7.3 (wp-includes/pluggable.php) in which certain control characters can trick redirect URL validation.
CVE-2017-6814 Medium Yes Cross-site scripting
An authenticated cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 via Media File Metadata. This is demonstrated by...
Date Advisory Package Description
16 Mar 2017 ASA-201703-14 wordpress multiple issues
References
https://codex.wordpress.org/Version_4.7.3