Description

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.

Remediation

References

CVE-2017-5491

Related Vulnerabilities

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25608)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-22818)

Jetty CVE-2020-27218 Vulnerability (CVE-2020-27218)

MediaWiki Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-9487)

WordPress Plugin Debug Log Manager Cross-Site Request Forgery (2.2.1)

Severity

Medium

Classification

CVE-2017-5491 CWE-1188 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities