漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system.
WordPress versions prior to 4.7.2 contain the following unauthorized bypass, SQL injection, cross-site scripting vulnerabilities:
CVE-2017-5610: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
CVE-2017-5611: WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue
CVE-2017-5612: A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
Affected Versions:
WordPress prior to 4.7.2
漏洞危害
Successful exploitation allows a remote attacker to cause unauthorized bypass, SQL injection, cross-site scripting vulnerabilities.
解决方案
Customers are advised to install WordPress 4.7.2 or later versions to remediate the vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论