ThreatPress

WordPress Vulnerabilities Database

WordPress <=4.7.4 - Post Meta Data Values Improper Handling in XML-RPC API

Product
WordPress
Description
WordPress versions 2.5 through 4.7.4 improperly handle post meta data values in the XML-RPC (Remote Procedure Call) API. Discovered and reported by Sam Thomas.
Solution
Update WordPress core to the latest available version (at least 4.7.5).
Classification
Type BYPASS
References
GitHub
CVE
Name CVE-2017-9062
Versions
Affected In <=4.7.4
Fixed In 4.7.5
Disclosure date
2017-05-16
Credits
Sam Thomas
Submitter
ThreatPress