VuXML: wordpress -- multiple vulnerabilities

WordPress versions 4.7.1 and earlier are affected by three security issues:

The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.

WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.

A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.

[source]

CVE Name	CVE-2017-5610
CVE Name	CVE-2017-5611
CVE Name	CVE-2017-5612
URL	http://www.openwall.com/lists/oss-security/2017/01/28/5
URL	https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
URL	https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

wordpress -- multiple vulnerabilities

Details

References