WordPress Prior to 4.8.2 Multiple Input Validation Security Vulnerabilities

WordPress is prone to the following input-validation security vulnerabilities because it fails to sufficiently sanitize user-supplied input:

1. Multiple cross-site scripting vulnerabilities
2. Multiple directory-traversal vulnerabilities
3. Multiple open-redirection vulnerabilities
4. An SQL-injection vulnerability

An attacker can exploit these issues to steal cookie-based authentication credentials, to redirect a user to an attacker-controlled site; this may aid in phishing attacks , to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.; and to read arbitrary files in the context of the application.

WordPress versions 4.8.1 and earlier are affected.


 

Privacy Statement
Copyright 2010, SecurityFocus