Description

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.

Remediation

References

CVE-2017-5491

Related Vulnerabilities

WordPress Plugin Banner Garden Multiple Cross-Site Scripting Vulnerabilities (0.1.3)

Jenkins Incorrect Authorization Vulnerability (CVE-2022-34175)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9338)

Jenkins Inadequate Encryption Strength Vulnerability (CVE-2017-2598)

Drupal Core Cross-Site Scripting (8.0.0 - 9.1.15)

Severity

Medium

Classification

CVE-2017-5491 CWE-1188 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities