Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Input Validation Vulnerability (CVE-2017-9065)

Description

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

Remediation

References

Related Vulnerabilities

WordPress Plugin Comments Disable-AccessPress includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

WordPress 3.1 Multiple Vulnerabilities (0.7 - 3.1)

PleskLin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0132)

WordPress Plugin File Groups 'fgid' Parameter SQL Injection (1.1.2)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43802)

Severity

High

Classification

CVE-2017-9065 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities