Computer Security Incident Response Team of Mauritius - CERT-MU Vulnerability Note VN-2017-22

Vulnerabilities in WordPress

Severity Rating: High

System Affected:

Versions prior to WordPress 4.7.1

Description:

A cross-site request-forgery vulnerability and security-bypass vulnerability exist in WordPress.

An attacker can exploit these vulnerabilities by performing unauthorized actions in the context of a logged-in user of the affected application and also can bypass certain security restrictions to perform unauthorized actions. Moreover, this may aid in other attacks.

Source:

Solution

Users are advised to apply updates.

https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733

https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a

https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/

Vendor Information

WordPress

https://wordpress.com/

CVE Information

CVE-2017-5491

CVE-2017-5492

References

Security Focus

http://www.securityfocus.com/bid/95406

http://www.securityfocus.com/bid/95407

Contact Information

E-mail: contact@cert.ncb.mu

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis

Top Link Bar

CERT-MU Vulnerability Note VN-2017-22

Subscribe to newsletter