Description

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.

Remediation

References

CVE-2017-5491

Related Vulnerabilities

WordPress 4.9.x Cross-Domain Flash Injection Vulnerability (4.9 - 4.9.1)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.21)

Joomla Improper Input Validation Vulnerability (CVE-2016-8870)

WordPress Plugin Contact Form DB CSV Injection (2.10.32)

Play Framework Data Amplification Vulnerability (CVE-2020-28923)

Severity

Medium

Classification

CVE-2017-5491 CWE-1188 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities