| purl | pkg:alpm/archlinux/wordpress@4.7.1-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-198e-9yps-nqfz | security update | CVE-2017-5491 |
| VCID-1axp-38yu-wua1 | security update | CVE-2017-5489 |
| VCID-cq4m-3q7u-cbg3 | Remote code execution in PHPMailer. Impact: The `mailSend` function in the default `isMail` transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a `\"` (backslash double quote) in a crafted `Sender` property. Patches: Fixed in 5.2.18. Workarounds: Filter and validate user input before passing it to internal functions. References: https://nvd.nist.gov/vuln/detail/CVE-2016-10033. Related to a follow-on issue in https://nvd.nist.gov/vuln/detail/CVE-2016-10045. For more information: If you have any questions or comments about this advisory, open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer). | CVE-2016-10033, GHSA-5f37-gxvh-23v6 |
| VCID-cuw7-7fmc-xbc1 | security update | CVE-2017-5488 |
| VCID-kpem-j9we-vufs | security update | CVE-2017-5492 |
| VCID-sany-su2d-73cn | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. | CVE-2017-5487 |
| VCID-trn4-a55k-sqad | security update | CVE-2017-5490 |
| VCID-vj6y-1qup-jubg | security update | CVE-2017-5493 |
| VCID-xrtk-1rmg-7uca | Remote code execution in PHPMailer. Impact: The `isMail` transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the `mail` command and consequently execute arbitrary code by leveraging improper interaction between the `escapeshellarg` function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. This issue really emphasises that it's worth avoiding the built-in PHP `mail()` function entirely. Patches: Fixed in 5.2.20. Workarounds: Send via SMTP to localhost instead of calling the `mail()` function. References: https://nvd.nist.gov/vuln/detail/CVE-2016-10045. See also https://nvd.nist.gov/vuln/detail/CVE-2016-10033. For more information: If you have any questions or comments about this advisory, open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer). | CVE-2016-10045, GHSA-4pc3-96mx-wwc8 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:26:18.209359+00:00 | Arch Linux Importer | Fixing | VCID-cq4m-3q7u-cbg3 | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.185488+00:00 | Arch Linux Importer | Fixing | VCID-xrtk-1rmg-7uca | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.161283+00:00 | Arch Linux Importer | Fixing | VCID-sany-su2d-73cn | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.137419+00:00 | Arch Linux Importer | Fixing | VCID-cuw7-7fmc-xbc1 | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.112553+00:00 | Arch Linux Importer | Fixing | VCID-1axp-38yu-wua1 | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.083272+00:00 | Arch Linux Importer | Fixing | VCID-trn4-a55k-sqad | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.059518+00:00 | Arch Linux Importer | Fixing | VCID-198e-9yps-nqfz | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.035530+00:00 | Arch Linux Importer | Fixing | VCID-kpem-j9we-vufs | https://security.archlinux.org/AVG-142 | 38.0.0 |
| 2026-04-01T18:26:18.010253+00:00 | Arch Linux Importer | Fixing | VCID-vj6y-1qup-jubg | https://security.archlinux.org/AVG-142 | 38.0.0 |