CVE-2017-9064

Опубликовано: 18 мая 2017

Источник: debian

EPSS Низкий

Описание

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wordpress	fixed	4.7.5+dfsg-1		package

Примечания

https://wordpress.org/news/2017/05/wordpress-4-7-5/
https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67

EPSS

Процентиль: 78%

0.01222

Низкий

Связанные уязвимости

CVE-2017-9064

CVSS3: 8.8

ubuntu

около 8 лет назад

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

CVE-2017-9064

CVSS3: 8.8

nvd

около 8 лет назад

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

GHSA-74wg-f546-8h73

CVSS3: 8.8

github

около 3 лет назад

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

EPSS

Процентиль: 78%

0.01222

Низкий