Package details: pkg:alpm/archlinux/wordpress@4.7-1
purl pkg:alpm/archlinux/wordpress@4.7-1
Next non-vulnerable version 4.7.1-1
Latest non-vulnerable version 5.8.1-1
Risk 10.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-198e-9yps-nqfz
Aliases:
CVE-2017-5491
security update
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-1axp-38yu-wua1
Aliases:
CVE-2017-5489
security update
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-cq4m-3q7u-cbg3
Aliases:
CVE-2016-10033
GHSA-5f37-gxvh-23v6
Remote code execution in PHPMailer

### Impact
The `mailSend` function in the default `isMail` transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted `Sender` property.

### Patches
Fixed in 5.2.18

### Workarounds
Filter and validate user input before passing it to internal functions.

### References
https://nvd.nist.gov/vuln/detail/CVE-2016-10033
Related to a follow-on issue in https://nvd.nist.gov/vuln/detail/CVE-2016-10045

### For more information
If you have any questions or comments about this advisory:
* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-cuw7-7fmc-xbc1
Aliases:
CVE-2017-5488
security update
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-kpem-j9we-vufs
Aliases:
CVE-2017-5492
security update
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-sany-su2d-73cn
Aliases:
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-trn4-a55k-sqad
Aliases:
CVE-2017-5490
security update
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-vj6y-1qup-jubg
Aliases:
CVE-2017-5493
security update
4.7.1-1
Affected by 0 other vulnerabilities.
VCID-xrtk-1rmg-7uca
Aliases:
CVE-2016-10045
GHSA-4pc3-96mx-wwc8
Remote code execution in PHPMailer

### Impact
The `isMail` transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the `mail` command and consequently execute arbitrary code by leveraging improper interaction between the `escapeshellarg` function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. This issue really emphasises that it's worth avoiding the built-in PHP `mail()` function entirely.

### Patches
Fixed in 5.2.20

### Workarounds
Send via SMTP to localhost instead of calling the `mail()` function.

### References
https://nvd.nist.gov/vuln/detail/CVE-2016-10045
See also https://nvd.nist.gov/vuln/detail/CVE-2016-10033

### For more information
If you have any questions or comments about this advisory:
* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
4.7.1-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T18:26:18.205578+00:00 Arch Linux Importer Affected by VCID-cq4m-3q7u-cbg3 https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.181585+00:00 Arch Linux Importer Affected by VCID-xrtk-1rmg-7uca https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.157357+00:00 Arch Linux Importer Affected by VCID-sany-su2d-73cn https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.133668+00:00 Arch Linux Importer Affected by VCID-cuw7-7fmc-xbc1 https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.108877+00:00 Arch Linux Importer Affected by VCID-1axp-38yu-wua1 https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.079392+00:00 Arch Linux Importer Affected by VCID-trn4-a55k-sqad https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.055498+00:00 Arch Linux Importer Affected by VCID-198e-9yps-nqfz https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.031493+00:00 Arch Linux Importer Affected by VCID-kpem-j9we-vufs https://security.archlinux.org/AVG-142 38.0.0
2026-04-01T18:26:18.005481+00:00 Arch Linux Importer Affected by VCID-vj6y-1qup-jubg https://security.archlinux.org/AVG-142 38.0.0