CVE-2017-9064

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

Published : 2017-05-18 14:29 Updated : 2019-03-15 12:35

CVSS Score: 6.8 / 10

| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
| Wordpress | Wordpress | 4.7.4 | cpe:/a:wordpress:wordpress:4.7.4 |

CWE

| ID | Name | Description |
| --- | --- | --- |
| CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |

History of changes

| Date | Event |
| --- | --- |
| 2019-03-15 12:35 | |
| 2017-11-04 01:29 | |
| 2017-07-17 14:32 | |
| 2017-07-08 05:33 | |
| 2017-05-18 14:29 | New CVE |