Aaron Campbell

5 exploits, active since Jan 2017
CVE-2017-14723 (CRITICAL) - writeup
WordPress <4.8.2 - SQL Injection
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
CVSS 9.8
CVE-2017-5492 (HIGH) - writeup
WordPress <4.7 - CSRF
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.
CVSS 8.8
CVE-2017-6815 (MEDIUM) - writeup
WordPress <4.7.3 - Open Redirect
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
CVSS 6.1
CVE-2017-6816 (MEDIUM) - writeup
WordPress <4.7.3 - Info Disclosure
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
CVSS 4.9
CVE-2017-9064 (HIGH) - writeup
WordPress <4.7.5 - CSRF
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
CVSS 8.8