<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body>
<h2>[WPVULNDB] Vulnerabilities Daily Digest 2017-01-13</h2>
<ul>
<li><a href="https://wpvulndb.com/vulnerabilities/8714">WordPress 4.3-4.7 – Potential Remote Command Execution (RCE) in PHPMailer</a></li>
<li><a href="https://wpvulndb.com/vulnerabilities/8715">WordPress 4.7 – User Information Disclosure via REST API</a></li>
<li><a href="https://wpvulndb.com/vulnerabilities/8716">WordPress 2.9-4.7 – Authenticated Cross-Site scripting (XSS) in update-core.php</a></li>
<li><a href="https://wpvulndb.com/vulnerabilities/8717">WordPress 4.7 – Cross-Site Request Forgery (CSRF) via Flash Upload</a></li>
<li><a href="https://wpvulndb.com/vulnerabilities/8718">WordPress 3.4-4.7 – Stored Cross-Site Scripting (XSS) via Theme Name fallback</a></li>
<li><a href="https://wpvulndb.com/vulnerabilities/8719">WordPress &lt;= 4.7 – Post via Email Checks mail.example.com by Default</a></li>
<li><a href="https://wpvulndb.com/vulnerabilities/8720">WordPress 2.8-4.7 – Accessibility Mode Cross-Site Request Forgery (CSRF)</a></li>
<li><a href="https://wpvulndb.com/vulnerabilities/8721">WordPress 3.0-4.7 – Cryptographically Weak Pseudo-Random Number Generator (PRNG)</a></li>
</ul>
</body>
</html>