Download
| Alert*
oval:org.secpod.oval:def:1900301
wp-admin/user-new.php in WordPress before 4.9.1 sets the new bloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. oval:org.secpod.oval:def:603239 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions. oval:org.secpod.oval:def:53230 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions. |