Jeremy Felt

4 exploits Active since Jan 2017
CVE-2017-5491 WRITEUP MEDIUM WRITEUP
WordPress < 4.7.1 - Unauthenticated Posting Restriction Bypass via Spoofed Mail Server
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.
CVSS 5.3
CVE-2017-5493 WRITEUP HIGH WRITEUP
WordPress < 4.7 - Use of Cryptographically Weak PRNG in Multisite Signup Keys
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
CVSS 7.5
CVE-2017-6814 WRITEUP MEDIUM WRITEUP
WordPress < 4.7.3 - Authenticated Cross-Site Scripting via Media File Metadata
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
CVSS 5.4
CVE-2018-20149 WRITEUP MEDIUM WRITEUP
WordPress < 4.9.9 and 5.x < 5.0.1 - Cross-Site Scripting via Crafted File Upload
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
CVSS 5.4