John Blackbourn

7 exploits Active since Jan 2017
CVE-2017-17091 WRITEUP HIGH WRITEUP
WordPress <4.9.1 - Info Disclosure
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
CVSS 8.8
CVE-2017-17092 WRITEUP MEDIUM WRITEUP
WordPress < 4.9.1 - Authenticated JavaScript File Upload
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.
CVSS 5.4
CVE-2017-17093 WRITEUP MEDIUM WRITEUP
WordPress <4.9.1 - XSS
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
CVSS 5.4
CVE-2017-17094 WRITEUP MEDIUM WRITEUP
WordPress <4.9.1 - XSS
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.
CVSS 5.4
CVE-2017-5612 WRITEUP MEDIUM WRITEUP
Wordpress < 4.7.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
CVSS 6.1
CVE-2017-6818 WRITEUP MEDIUM WRITEUP
WordPress <4.7.3 - XSS
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
CVSS 6.1
CVE-2017-6819 WRITEUP MEDIUM WRITEUP
WordPress <4.7.3 - CSRF
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
CVSS 6.5