Description

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.

Remediation

References

CVE-2017-5491

Related Vulnerabilities

WordPress Plugin Imagements Arbitrary File Upload (1.2.5)

WordPress Plugin WP SimpleMail Multiple Cross-Site Scripting Vulnerabilities (1.0.6)

MySQL CVE-2024-21047 Vulnerability (CVE-2024-21047)

Apache Tomcat Other Vulnerability (CVE-2007-2449)

WordPress Plugin Livemesh SiteOrigin Widgets Security Bypass (2.5.1)

Severity

Medium

Classification

CVE-2017-5491 CWE-1188 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities