Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-5610

wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2017012...
CONFIRM: https://codex.wordpres...
CONFIRM: https://github.com/Wor...
CONFIRM: https://wordpress.org/...
BID: 95816
MISC: https://wpvulndb.com/v...
SECTRACK: 1037731
DEBIAN: DSA-3779

Launchpad.net

CVE 2017-5610

Related bugs

References