Debian Wordpress vulnerabilities

CVE-2017-17091 [HIGH] CVE-2017-17091: wordpress - wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a st... wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. Scope: local bookworm: resolved (fixed in 4.9.1+dfsg-1) bullseye: resolved (fixed in 4.9.1+dfsg-1) forky: resolved (fixed in 4.9.1+dfsg-1) s

CVE-2017-5493 [HIGH] CVE-2017-5493: wordpress - wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before ... wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. Scope: local bookworm: resolved (fixed in 4.7.1+dfsg-1) bullseye: resolved (fixed in 4.7.1+dfsg-1) f

CVE-2017-5489 [HIGH] CVE-2017-5489: wordpress - Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows... Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. Scope: local bookworm: resolved (fixed in 4.7.1+dfsg-1) bullseye: resolved (fixed in 4.7.1+dfsg-1) forky: resolved (fixed in 4.7.1+dfsg-1) sid: resolved (fixed in 4.7.1+dfsg-1

CVE-2017-1000600 [HIGH] CVE-2017-1000600: wordpress - WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumb... WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have bee

CVE-2017-9062 [HIGH] CVE-2017-9062: wordpress - In WordPress before 4.7.5, there is improper handling of post meta data values i... In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. Scope: local bookworm: resolved (fixed in 4.7.5+dfsg-1) bullseye: resolved (fixed in 4.7.5+dfsg-1) forky: resolved (fixed in 4.7.5+dfsg-1) sid: resolved (fixed in 4.7.5+dfsg-1) trixie: resolved (fixed in 4.7.5+dfsg-1)

CVE-2017-9061 [MEDIUM] CVE-2017-9061: wordpress - In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists whe... In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. Scope: local bookworm: resolved (fixed in 4.7.5+dfsg-1) bullseye: resolved (fixed in 4.7.5+dfsg-1) forky: resolved (fixed in 4.7.5+dfsg-1) sid: resolved (fixed in

CVE-2017-14725 [MEDIUM] CVE-2017-14725: wordpress - Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp... Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. Scope: local bookworm: resolved (fixed in 4.8.2+dfsg-1) bullseye: resolved (fixed in 4.8.2+dfsg-1) forky: resolved (fixed in 4.8.2+dfsg-1) sid: resolved (fixed in 4.8.2+dfsg-1) trixie: resolved (fixed in 4.8.2+dfsg-1)

CVE-2017-6814 [MEDIUM] CVE-2017-6814: wordpress - In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via... In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. Scope: local b

CVE-2017-5491 [MEDIUM] CVE-2017-5491: wordpress - wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass int... wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. Scope: local bookworm: resolved (fixed in 4.7.1+dfsg-1) bullseye: resolved (fixed in 4.7.1+dfsg-1) forky: resolved (fixed in 4.7.1+dfsg-1) sid: resolved (fixed in 4.7.1+dfsg-1) trixie: resolved (fixed

CVE-2017-8295 [MEDIUM] CVE-2017-8295: wordpress - WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-ma... WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled S

CVE-2017-5612 [MEDIUM] CVE-2017-5612: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-lis... Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. Scope: local bookworm: resolved (fixed in 4.7.2+dfsg-1) bullseye: resolved (fixed in 4.7.2+dfsg-1) forky: resolved (fixed in 4.7.2+dfsg-1)

CVE-2017-17094 [MEDIUM] CVE-2017-17094: wordpress - wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclos... wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. Scope: local bookworm: resolved (fixed in 4.9.1+dfsg-1) bullseye: resolved (fixed in 4.9.1+dfsg-1) forky: resolved (fixed in 4.9.1+dfsg-1) sid: resolved (fixed in 4.9.1+dfsg-1) trixie:

CVE-2017-14990 [MEDIUM] CVE-2017-14990: wordpress - WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores th... WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). Scope: local bookworm: resolv

CVE-2017-17093 [MEDIUM] CVE-2017-17093: wordpress - wp-includes/general-template.php in WordPress before 4.9.1 does not properly res... wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. Scope: local bookworm: resolved (fixed in 4.9.1+dfsg-1) bullseye: resolved (fixed in 4.9.1+dfsg-1) forky: resolved (fixed in 4.9.1+dfsg-1) sid: resolved

CVE-2017-5488 [MEDIUM] CVE-2017-5488: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php ... Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. Scope: local bookworm: resolved (fixed in 4.7.1+dfsg-1) bullseye: resolved (fixed in 4.7.1+dfsg-1) forky: resolved (fixed in 4.7.1+dfsg-1) sid: re

CVE-2017-6818 [MEDIUM] CVE-2017-6818: wordpress - In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripti... In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. Scope: local bookworm: resolved (fixed in 4.7.3+dfsg-1) bullseye: resolved (fixed in 4.7.3+dfsg-1) forky: resolved (fixed in 4.7.3+dfsg-1) sid: resolved (fixed in 4.7.3+dfsg-1) trixie: resolved (fixed in 4.7.3+dfsg-1)

CVE-2017-5487 [MEDIUM] CVE-2017-5487: wordpress - wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST AP... wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. Scope: local bookworm: resolved (fixed in 4.7.1+dfsg-1) bullseye: resolved (fixed in 4.7.

CVE-2017-6817 [MEDIUM] CVE-2017-6817: wordpress - In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-... In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. Scope: local bookworm: resolved (fixed in 4.7.3+dfsg-1) bullseye: resolved (fixed in 4.7.3+dfsg-1) forky: resolved (fixed in 4.7.3+dfsg-1) sid: resolved (fixed in 4.7.3+dfsg-1) trixie: resolved (fixed in 4.7.3+dfsg-1)

CVE-2017-5490 [MEDIUM] CVE-2017-5490: wordpress - Cross-site scripting (XSS) vulnerability in the theme-name fallback functionalit... Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. Scope: local bookworm: resolved (fixed in 4.7.1+dfsg-1) bul

CVE-2017-14726 [MEDIUM] CVE-2017-14726: wordpress - Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack ... Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. Scope: local bookworm: resolved (fixed in 4.8.2+dfsg-1) bullseye: resolved (fixed in 4.8.2+dfsg-1) forky: resolved (fixed in 4.8.2+dfsg-1) sid: resolved (fixed in 4.8.2+dfsg-1) trixie: resolved (fixed in 4.8.2+dfsg-1)