Version 4.7.2 of WordPress is vulnerable
High
Vulnerability Details
Hello team,
I observed that your website https://nextcloud.com still uses WordPress 4.7.2.
Version 4.7.2 of WordPress is vulnerable to:
Cross-site scripting (XSS)
Control characters can trick redirect URL validation
Cross-site scripting (XSS) via video URL in YouTube embeds
Cross-site scripting (XSS) via taxonomy term names
Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources
Fix:
Upgrade to WordPress 4.7.3
More information: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Best regards
Rey Mark
Report Stats
- Report ID: 211206
- State: Closed
- Substate: resolved
- Upvotes: 5