Description

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

Remediation

References

CVE-2017-9062

Related Vulnerabilities

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.5)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)

WordPress Plugin AdPlugg WordPress Ad Cross-Site Scripting (1.1.33)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (4.0.2)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8098)

Severity

High

Classification

CVE-2017-9062 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities