QwikSec

Security Database

CVE

CWE

Training

CVE-2017-5490

Published: Jan 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

https://wpvulndb.com/vulnerabilities/8718

x_refsource_MISC

https://www.mehmetince.net/low-severity-wordpress/

x_refsource_MISC

https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359

x_refsource_CONFIRM

https://codex.wordpress.org/Version_4.7.1

x_refsource_CONFIRM

[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.