Description

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

Remediation

References

CVE-2017-9065

Related Vulnerabilities

WordPress Plugin Justified Gallery Cross-Site Scripting (1.7.0)

Oracle Database Server Improper Input Validation Vulnerability (CVE-2020-1953)

Oracle JRE CVE-2020-2583 Vulnerability (CVE-2020-2583)

WordPress Plugin Art-Picture-Gallery Arbitrary File Upload (1.2.9)

WordPress Plugin 404page-your smart custom 404 error page Cross-Site Request Forgery (10.3)

Severity

High

Classification

CVE-2017-9065 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities