7.5
CVE-2017-9065
- EPSS 4.08%
- Veröffentlicht 18.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core < 4.7.5 - Authorization Bypass Allowing Post Meta Updates
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.21, 3.8.21, 3.9.19, 4.0.18, 4.1.18, 4.2.15, 4.3.11, 4.4.10, 4.5.9, 4.6.6, 4.7.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
[*, 3.7)
Version
3.7-3.7.20
Version
3.8-3.8.20
Version
3.9-3.9.18
Version
4.0-4.0.17
Version
4.1-4.1.17
Version
4.2-4.2.14
Version
4.3-4.3.10
Version
4.4-4.4.9
Version
4.5-4.5.8
Version
4.6-4.6.5
Version
4.7-4.7.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.08% | 0.894 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.debian.org/security/2017/dsa-3870
http://www.securityfocus.com/bid/98509
http://www.securitytracker.com/id/1038520
https://codex.wordpress.org/Version_4.7.5
https://wordpress.org/news/2017/05/wordpress-4-7-5/
https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
https://wpvulndb.com/vulnerabilities/8817
https://www.wordfence.com/threat-intel/vulnerabilities/id/801d6f21-1f52-48d4-9f8e-5c971dd037f7