CVE-2017-5489

Published: 15 January 2017

Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
wordpress Launchpad, Ubuntu, Debian	artful	Not vulnerable (4.7.1+dfsg-1)
	bionic	Not vulnerable (4.7.1+dfsg-1)
	cosmic	Not vulnerable (4.7.1+dfsg-1)
	disco	Not vulnerable (4.7.1+dfsg-1)
	eoan	Not vulnerable (4.7.1+dfsg-1)
	focal	Not vulnerable (4.7.1+dfsg-1)
	groovy	Not vulnerable (4.7.1+dfsg-1)
	hirsute	Not vulnerable (4.7.1+dfsg-1)
	impish	Not vulnerable (4.7.1+dfsg-1)
	jammy	Not vulnerable (4.7.1+dfsg-1)
	precise	Does not exist (precise was needs-triage)
	trusty	Does not exist (trusty was needed)
	upstream	Released (4.7.1+dfsg-1)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Not vulnerable (4.7.1+dfsg-1)

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›