Debian Wordpress vulnerabilities

360 known vulnerabilities affecting debian/wordpress.

Total CVEs: 360
CISA KEV: 0
Public exploits: 67
Exploited in wild: 3
Severity breakdown: CRITICAL 21, HIGH 56, MEDIUM 201, LOW 82

Vulnerabilities

Page 7 of 18
CVE-2017-5610 | MEDIUM | CVSS 5.3 | fixed in wordpress 4.7.2+dfsg-1 (bookworm) | 2017
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
Scope: local. bookworm: resolved (fixed in 4.7.2+dfsg-1); bullseye: resolved (fixed in 4.7.2+dfsg-1); forky: resolved (fi
Source: debian
CVE-2017-14720 | MEDIUM | CVSS 6.1 | fixed in wordpress 4.8.2+dfsg-1 (bookworm) | 2017
Before version 4.8.2, WordPress allowed a cross-site scripting attack in the template list view via a crafted template name.
Scope: local. bookworm: resolved (fixed in 4.8.2+dfsg-1); bullseye: resolved (fixed in 4.8.2+dfsg-1); forky: resolved (fixed in 4.8.2+dfsg-1); sid: resolved (fixed in 4.8.2+dfsg-1); trixie: resolved (fixed in 4.8.2+dfsg-1)
Source: debian
CVE-2017-6819 | MEDIUM | CVSS 6.5 | fixed in wordpress 4.7.3+dfsg-1 (bookworm) | 2017
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
Scope: local. bookworm: resolved (fixed in 4.7.3+dfsg-1); bullseye: resolved (fixed in 4.7.3+df
Source: debian
CVE-2017-9063 | MEDIUM | CVSS 6.1 | fixed in wordpress 4.7.5+dfsg-1 (bookworm) | 2017
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
Scope: local. bookworm: resolved (fixed in 4.7.5+dfsg-1); bullseye: resolved (fixed in 4.7.5+dfsg-1); forky: resolved (fixed in 4.7.5+dfsg-1); sid: resolved (fixed in 4.7.5+dfsg-1); trixie: resolved (fixed in 4.7.5+dfsg-1)
Source: debian
CVE-2017-17092 | MEDIUM | CVSS 5.4 | PoC available | fixed in wordpress 4.9.1+dfsg-1 (bookworm) | 2017
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.
Scope: local. bookworm: resolved (fixed in 4.9.1+dfsg-1); bullseye: resolved (fixed in 4.9.1+dfsg-1); forky: resolved (fixed in 4.9.1+dfsg-1); sid: resolved (fixed i
Source: debian
CVE-2017-6815 | MEDIUM | CVSS 6.1 | fixed in wordpress 4.7.3+dfsg-1 (bookworm) | 2017
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Scope: local. bookworm: resolved (fixed in 4.7.3+dfsg-1); bullseye: resolved (fixed in 4.7.3+dfsg-1); forky: resolved (fixed in 4.7.3+dfsg-1); sid: resolved (fixed in 4.7.3+dfsg-1); trixie: resolved (fixed in 4.7.3+dfsg-1)
Source: debian
CVE-2017-14724 | MEDIUM | CVSS 6.1 | fixed in wordpress 4.8.2+dfsg-1 (bookworm) | 2017
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Scope: local. bookworm: resolved (fixed in 4.8.2+dfsg-1); bullseye: resolved (fixed in 4.8.2+dfsg-1); forky: resolved (fixed in 4.8.2+dfsg-1); sid: resolved (fixed in 4.8.2+dfsg-1); trixie: resolved (fixed in 4.8.2+dfsg-1)
Source: debian
CVE-2017-14718 | MEDIUM | CVSS 6.1 | fixed in wordpress 4.8.2+dfsg-1 (bookworm) | 2017
Before version 4.8.2, WordPress was susceptible to a cross-site scripting attack in the link modal via a javascript: or data: URL.
Scope: local. bookworm: resolved (fixed in 4.8.2+dfsg-1); bullseye: resolved (fixed in 4.8.2+dfsg-1); forky: resolved (fixed in 4.8.2+dfsg-1); sid: resolved (fixed in 4.8.2+dfsg-1); trixie: resolved (fixed in 4.8.2+dfsg-1)
Source: debian
CVE-2017-14721 | MEDIUM | CVSS 6.1 | fixed in wordpress 4.8.2+dfsg-1 (bookworm) | 2017
Before version 4.8.2, WordPress allowed cross-site scripting in the plugin editor via a crafted plugin name.
Scope: local. bookworm: resolved (fixed in 4.8.2+dfsg-1); bullseye: resolved (fixed in 4.8.2+dfsg-1); forky: resolved (fixed in 4.8.2+dfsg-1); sid: resolved (fixed in 4.8.2+dfsg-1); trixie: resolved (fixed in 4.8.2+dfsg-1)
Source: debian
CVE-2017-6816 | MEDIUM | CVSS 4.9 | fixed in wordpress 4.7.3+dfsg-1 (bookworm) | 2017
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
Scope: local. bookworm: resolved (fixed in 4.7.3+dfsg-1); bullseye: resolved (fixed in 4.7.3+dfsg-1); forky: resolved (fixed in 4.7.3+dfsg-1); sid: resolved (fixed in 4.7.3+dfsg-1); trixie: resolved (fixed in 4.7.3+dfsg-1)
Source: debian
CVE-2017-6514 | MEDIUM | CVSS 5.3 | no fixed version listed (open in every suite) | 2017
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
Source: debian
CVE-2016-5835 | HIGH | CVSS 7.5 | fixed in wordpress 4.5.3+dfsg-1 (bookworm) | 2016
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
Scope: local. bookworm: resolved (fixed in 4.5.3+dfsg-1); bullseye: resolved (fixed in 4.5.3+dfsg-1); forky: resolved (fixed in 4.5.3+dfsg-1); sid: resolved (fix
Source: debian
CVE-2016-6897 | HIGH | CVSS 7.1 | PoC available | fixed in wordpress 4.6.1+dfsg-1 (bookworm) | 2016
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
Scope: local. bookworm: r
Source: debian
CVE-2016-5837 | HIGH | CVSS 7.5 | fixed in wordpress 4.5.3+dfsg-1 (bookworm) | 2016
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.5.3+dfsg-1); bullseye: resolved (fixed in 4.5.3+dfsg-1); forky: resolved (fixed in 4.5.3+dfsg-1); sid: resolved (fixed in 4.5.3+dfsg-1); trixie: resolved (fixed in 4.5.3+dfs
Source: debian
CVE-2016-6635 | HIGH | CVSS 8.8 | fixed in wordpress 4.5+dfsg-1 (bookworm) | 2016
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
Scope: local. bookworm: resolved (fixed in 4.5+dfsg-1); bullseye: resolved (fixed in 4.5+
Source: debian
CVE-2016-5839 | HIGH | CVSS 7.5 | fixed in wordpress 4.5.3+dfsg-1 (bookworm) | 2016
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.5.3+dfsg-1); bullseye: resolved (fixed in 4.5.3+dfsg-1); forky: resolved (fixed in 4.5.3+dfsg-1); sid: resolved (fixed in 4.5.3+dfsg-1); trixie: resolved (fixed in 4.5.3+dfsg-1)
Source: debian
CVE-2016-4029 | HIGH | CVSS 8.6 | fixed in wordpress 4.5+dfsg-1 (bookworm) | 2016
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
Scope: local. bookworm: resolved (fixed in 4.5+dfsg-1); bullseye: resolved (fixed in 4.5+dfsg-1); forky: resolved (fixed in 4.5+dfsg-1); sid: resolved (f
Source: debian
CVE-2016-2222 | HIGH | CVSS 8.6 | fixed in wordpress 4.4.2+dfsg-1 (bookworm) | 2016
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.
Scope: local. bookworm: resolved (fixed in 4.4.2+dfsg-1); bullseye: resolved (fixed in 4.4.2+dfsg-1); forky
Source: debian
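CVE-2016-4029 and CVE-2016-2222 above are two instances of one bug class: an "is this an intranet address?" check that only recognises canonical dotted-decimal, while the socket layer that opens the connection also accepts hexadecimal, octal, shortened and zero-leading spellings of the same address. The following is an added example, not WordPress code and not a reconstruction of wp_http_validate_url: naive_is_internal is a stand-in for that kind of flawed check, inet_aton_like reproduces the component rules of a BSD-style inet_aton(3), and hardened_is_internal canonicalises before classifying. The block list, the IPv4-mapped IPv6 handling and the probe strings are the example's own assumptions. It goes a little beyond the two entries by covering the general family of alternate spellings, not only the hex/octal and zero-first-octet cases named there.

```python
import ipaddress
import re

# One dotted component as inet_aton(3) reads it: "0x.." hex, a leading "0"
# octal, anything else decimal. Empty parts, "08", "-1" etc. are rejected.
_PART = re.compile(r'^(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$')

# Ranges a server-side URL fetcher should never reach (this example's own list).
_BLOCKED = [ipaddress.ip_network(n) for n in (
    '0.0.0.0/8',                    # zero first octet (CVE-2016-2222); 0.0.0.0 reaches the local host
    '127.0.0.0/8', '::1/128',       # loopback
    '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7',   # RFC 1918 / ULA
    '169.254.0.0/16', 'fe80::/10',  # link-local, where cloud metadata endpoints live
    '100.64.0.0/10', '224.0.0.0/4', '240.0.0.0/4',                 # CGNAT, multicast, reserved
)]


def _parse_part(p: str) -> int:
    if p[:2].lower() == '0x':
        return int(p[2:], 16)
    if len(p) > 1 and p[0] == '0':
        return int(p, 8)
    return int(p, 10)


def inet_aton_like(host: str):
    """32-bit value a BSD-style inet_aton() gives for `host`, or None if it is
    not an IPv4 literal in any accepted spelling. One to four components; the
    last one fills the remaining bytes, so "127.1", "0x7f000001" and
    "2130706433" all denote 127.0.0.1."""
    parts = host.split('.')
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    vals = [_parse_part(p) for p in parts]
    head, last = vals[:-1], vals[-1]
    tail_bits = 8 * (5 - len(parts))
    if any(v > 255 for v in head) or last >= (1 << tail_bits):
        return None
    n = 0
    for v in head:
        n = (n << 8) | v
    return (n << tail_bits) | last


# Stand-in for the flawed check (illustrative, not WordPress's own code): it
# only recognises canonical dotted-decimal, so every other spelling of a
# loopback or RFC 1918 address falls through as an "external" target.
_DOTTED = re.compile(r'^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$')


def naive_is_internal(host: str) -> bool:
    m = _DOTTED.match(host)
    if not m:
        return False  # not dotted-decimal: treated as a hostname and allowed
    a, b = int(m.group(1)), int(m.group(2))
    return a in (10, 127) or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def hardened_is_internal(host: str) -> bool:
    """Canonicalise the literal the way the socket layer will, then classify
    the resulting address against the block list."""
    n = inet_aton_like(host)
    if n is not None:
        ip = ipaddress.IPv4Address(n)
    else:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            # A hostname: the caller must resolve it, run every A/AAAA record
            # through this check, and connect to the checked address rather
            # than re-resolving, or DNS rebinding undoes the check.
            raise ValueError(f'{host!r} is not an IP literal; resolve it first')
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return any(ip in net for net in _BLOCKED)


def bypasses(hosts):
    """Literals the naive check lets through but the hardened one blocks."""
    return [h for h in hosts if not naive_is_internal(h) and hardened_is_internal(h)]


if __name__ == '__main__':
    # Constructed probe targets; every one except the last denotes a local or private address.
    probes = ['127.0.0.1', '0x7f.0.0.1', '0177.0.0.1', '2130706433', '127.1',
              '0.0.0.0', '::ffff:10.0.0.5', '93.184.216.34']
    print(bypasses(probes))
```

The point of the split into inet_aton_like and the block list is that canonicalisation and policy are separate steps: the first must mirror whatever the platform resolver accepts, the second is a plain range check that does not care how the address was spelled.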
CVE-2016-6896 | HIGH | CVSS 7.1 | PoC available | fixed in wordpress 4.6.1+dfsg-1 (bookworm) | 2016
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
Source: debian
CVE-2016-5836 | HIGH | CVSS 7.5 | fixed in wordpress 4.5.3+dfsg-1 (bookworm) | 2016
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
Scope: local. bookworm: resolved (fixed in 4.5.3+dfsg-1); bullseye: resolved (fixed in 4.5.3+dfsg-1); forky: resolved (fixed in 4.5.3+dfsg-1); sid: resolved (fixed in 4.5.3+dfsg-1); trixie: resolved (fixed in 4.5.3+dfsg-1)
Source: debian