Vigil@nce - WordPress Core: three vulnerabilities
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of WordPress Core.
Impacted products: Debian, WordPress Core.
Severity: 2/4.
Creation date: 27/01/2017.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in WordPress Core.
An attacker can access to the end user interface of Press This
without authorization, in order to get sensitive information.
[severity:1/4; CVE-2017-5610]
An attacker can use a SQL injection via WP_Query, in order to read
or alter data. [severity:1/4; CVE-2017-5611]
An attacker can trigger a Cross Site Scripting, in order to run
JavaScript code in the context of the web site. [severity:2/4;
CVE-2017-5612]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/WordPress-Core-three-vulnerabilities-21698