Early warning! Several high-risk vulnerabilities exist in WordPress!
2017-05-09

Vulnerability description

WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. A vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account.

CVE-2016-10033: PHPMailer Remote Code Execution Vulnerability, which can be exploited through WordPress

Unauthenticated remote attackers could use the remote code execution attack to gain instant access to a target server running a vulnerable WordPress core version in its default configuration, which could lead to a full compromise of the target application server.

CVE-2017-8295: WordPress Password Reset Vulnerability

The vulnerability (CVE-2017-8295) happens because WordPress uses untrusted data by default when it creates a password reset email.
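
The following is an added example, not code from this advisory or from WordPress. It assumes the untrusted data is the host name supplied with the incoming HTTP request and used to build the reset email's sender address (the advisory does not name the input), and it shows that unsafe pattern beside a hardened one that only accepts host names the site is configured for. The function names, host names and addresses are constructed for illustration.

```python
"""Sender selection for a password reset email: unsafe form beside a hardened one.

Assumption (not stated in the advisory): the untrusted data is the host name
taken from the incoming HTTP request and used to build the sender address.
All host names and addresses below are constructed sample values.
"""
import re

# Hypothetical site configuration: the only host names this site answers for.
CONFIGURED_HOSTS = {"blog.example.org", "www.blog.example.org"}
FALLBACK_SENDER = "wordpress@blog.example.org"

# Letters, digits, dots and hyphens only; must start and end alphanumeric.
_HOST_RE = re.compile(r"[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?")


def normalize_host(raw):
    """Lowercase, drop an optional :port and trailing dot; None if malformed."""
    host = raw.strip().lower()
    if re.search(r":\d+$", host):
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")
    # fullmatch rejects embedded CR/LF, spaces and other header-breaking bytes.
    return host if _HOST_RE.fullmatch(host) else None


def sender_unsafe(request_host):
    """Unsafe pattern: the sender domain is whatever the request claimed."""
    return "wordpress@" + request_host


def sender_hardened(request_host):
    """Use the request host only if it is one the site is configured for."""
    host = normalize_host(request_host)
    if host in CONFIGURED_HOSTS:
        return "wordpress@" + host
    return FALLBACK_SENDER


if __name__ == "__main__":
    for h in ("Blog.Example.org:8080", "other.example.net", ""):
        print(repr(h), "->", sender_hardened(h))
```
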

Affected versions

CVE-2016-10033: WordPress core 4.6

CVE-2017-8295: WordPress Core <= 4.7.4