Multiple vulnerabilities in WordPress
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 CVE-2017-1001000 |
| CWE-ID | CWE-284 CWE-89 CWE-79 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Vulnerability #4 is being exploited in the wild. |
| Vulnerable software Subscribe |
WordPress Web applications / CMS |
| Vendor | WordPress.ORG |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
The security rating of this bulletin was raised to "High" after WordPress disclosed vulnerability in REST API.
1) Improper access control
EUVDB-ID: #VU5510
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5610
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to otherwise restricted information.
The vulnerability resides within wp-admin/includes/class-wp-press-this.php script in Press This functionality, which does not properly restrict visibility permissions to user interface for assigning taxonomy terms. A remote authenticated attacker may be able to gain access to potentially sensitive information.
MitigationUpdate to version 4.7.2.
WordPress: 4.7 - 4.7.1
External linkshttp://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) SQL injection
EUVDB-ID: #VU5509
Risk: Medium
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5611
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL commands in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send specially crafted HTTP POST request to "wp-includes/class-wp-query.php" script, pass malformed WP_Query to an affected plugin or theme and execute arbitrary SQL commands in web application database.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over vulnerable website.
MitigationUpdate to version 4.7.2
Vulnerable software versionsWordPress: 4.7 - 4.7.1
External linkshttp://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU5508
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C]
CVE-ID: CVE-2017-5612
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionVulnerability allows a remote authenticated attacker to perform Cross-site scripting attacks.
An input validation error exists in "wp-admin/includes/class-wp-posts-list-table.php" script in the posts list table. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Update to version 4.7.2
Vulnerable software versionsWordPress: 4.7 - 4.7.1
External linkshttp://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
4) Security bypass
EUVDB-ID: #VU5612
Risk: High
CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2017-1001000
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to inject arbitrary content.
The vulnerability exists due to web application fails to check privileges when processing requests sent via REST API in /wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php script. A remote attacker can send a specially crafted HTTP request to /wp-json/wp/v2/posts/{POST_ID} URL and post arbitrary content to your website.
Successful exploitation of the vulnerability may allow an attacker to perform phishing and drive-by-download attacks, spread spam content, etc. In certain cases this vulnerability can lead to remote PHP code execution leveraging functionality of third-party plugins.
Note: this vulnerability is being actively exploited in the wild.
MitigationUpdate to version 4.7.2.
WordPress: 4.7 - 4.7.1
External linkshttp://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
http://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
