CVE-2017-9062: Cross-site Scripting in WordPress

Severity: 8.6 HIGH (NVD)
EPSS: 1.7% (top 17.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 18; Latest update May 13

Description

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (3 packages)

debian | debian/wordpress | < wordpress 4.7.5+dfsg-1 (bookworm)
Debian | wordpress/wordpress | < 4.7.5+dfsg-1+3

Also affects: Debian Linux 8.0, 9.0

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-gv93-c8vm-3g8r: In WordPress before 4 (2022-05-13)
OSV: CVE-2017-9062: In WordPress before 4 (2017-05-18)

📋 Vendor Advisories (1)

Debian: CVE-2017-9062: wordpress - In WordPress before 4.7.5, there is improper handling of post meta data values i... (2017)
CVE-2017-9062 — Cross-site Scripting in Wordpress | cvebase