CVE-2017-6815Improper Input Validation in Wordpress

CWE-20Improper Input Validation4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
6.4%
top 8.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WordpressDebian WordpressDebian Linux
Timeline
PublishedMar 12
Latest updateMay 14

Description

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/wordpress< wordpress 4.7.3+dfsg-1 (bookworm)
Debianwordpress/wordpress< 4.7.3+dfsg-1+3

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: codex.wordpress.orgPatch: github.comPatch: wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-5q84-77v2-m356: In WordPress before 42022-05-14
OSV
CVE-2017-6815: In WordPress before 42017-03-12

📋Vendor Advisories

1
Debian
CVE-2017-6815: wordpress - In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can tr...2017
CVE-2017-6815 — Improper Input Validation in Wordpress | cvebase