CVE-2016-5836 — Wordpress vulnerability

7 documents5 sources

Severity

7.5HIGHNVD

EPSS

7.2%

top 8.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJun 29

Latest updateMay 14

Description

The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.5.3+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.5.3+dfsg-1+3

▶NVDwordpress/wordpress4.5.2

Patches

Patch: codex.wordpress.org ↗Patch: wordpress.org ↗Patch: codex.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-279h-9ccj-88q7: The oEmbed protocol implementation in WordPress before 4↗2022-05-14

▶

OSV

CVE-2016-5836: The oEmbed protocol implementation in WordPress before 4↗2016-06-29

▶

📋Vendor Advisories

Debian

CVE-2016-5836: wordpress - The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attac...↗2016

▶

💬Community

Bugzilla

CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release↗2016-06-23

▶

Bugzilla

CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [fedora-all]↗2016-06-23

▶

Bugzilla

CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [epel-all]↗2016-06-23

▶