wordpress -- multiple vulnerabilities
Aaron D. Campbell reports:
WordPress versions 4.7.1 and earlier are affected by three security
- The user interface for assigning taxonomy terms in Press This is
shown to users who do not have permissions to use it.
- WP_Query is vulnerable to a SQL injection (SQLi) when passing
unsafe data. WordPress core is not directly vulnerable to this
issue, but we’ve added hardening to prevent plugins and
themes from accidentally causing a vulnerability.
- A cross-site scripting (XSS) vulnerability was discovered in the
posts list table.
- An unauthenticated privilege escalation vulnerability was
discovered in a REST API endpoint.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright