CVE-2017-5489

CVE-2017-5489

Name

CVE-2017-5489

Description

Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	http://www.debian.org/security/2017/dsa-3779
Mailing List	http://www.openwall.com/lists/oss-security/2017/01/14/6
cve@mitre.org	http://www.securityfocus.com/bid/95399
cve@mitre.org	http://www.securitytracker.com/id/1037591
Release Notes	https://codex.wordpress.org/Version_4.7.1
Vendor Advisory	https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
cve@mitre.org	https://wpvulndb.com/vulnerabilities/8717

Type

URI

cve@mitre.org

http://www.debian.org/security/2017/dsa-3779

Mailing List

http://www.openwall.com/lists/oss-security/2017/01/14/6

cve@mitre.org

http://www.securityfocus.com/bid/95399

cve@mitre.org

http://www.securitytracker.com/id/1037591

Release Notes

https://codex.wordpress.org/Version_4.7.1