CVE-2017-6816: Incorrect Authorization in WordPress

Severity: 4.9 MEDIUM (NVD)
EPSS: 2.6% (top 14.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 12; Latest update May 13

Description

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/wordpress < wordpress 4.7.3+dfsg-1 (bookworm)
Debian: wordpress/wordpress < 4.7.3+dfsg-1+3

Also affects: Debian Linux 8.0, 9.0

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-m2mg-2mqm-rpwh: In WordPress before 4 (2022-05-13)
OSV
CVE-2017-6816: In WordPress before 4 (2017-03-12)

💥 Exploits & PoCs (1)

Exploit-DB
Apache Tomcat 6/7/8/9 - Information Disclosure (2017-04-04)

📋 Vendor Advisories (2)

Debian
CVE-2017-6816: wordpress - In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be delete... (2017)
Red Hat
tomcat: Infinite loop in the processing of https requests (2015-02-06)