CVE-2017-5610Sensitive Information Exposure in Wordpress

CWE-200Sensitive Information Exposure7 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.9%
top 24.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WordpressDebian WordpressDebian Linux
Timeline
PublishedJan 30
Latest updateMay 14

Description

wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

debiandebian/wordpress< wordpress 4.7.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 4.7.2+dfsg-1+3

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: www.openwall.comPatch: github.comPatch: wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-2wgv-28wx-hxv3: wp-admin/includes/class-wp-press-this2022-05-14
OSV
CVE-2017-5610: wp-admin/includes/class-wp-press-this2017-01-30

📋Vendor Advisories

1
Debian
CVE-2017-5610: wordpress - wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7....2017

💬Community

3
Bugzilla
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 wordpress: Multiple security fixes in 4.7.2 [epel-all]2017-01-27
Bugzilla
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 wordpress: Multiple security fixes in 4.7.2 [fedora-all]2017-01-27
Bugzilla
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 wordpress: Multiple security fixes in 4.7.22017-01-27
CVE-2017-5610 — Sensitive Information Exposure | cvebase