Lucene search

GoogleOSV:CVE-2017-14723

HistorySep 23, 2017 - 8:29 p.m.

CVE-2017-14723

2017-09-2320:29:00

Google

osv.dev

8.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

References

www.securityfocus.com/bid/100912

www.securitytracker.com/id/1039553

core.trac.wordpress.org/changeset/41470

core.trac.wordpress.org/changeset/41496

github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48

github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec

medium.com/websec/wordpress-sqli-bbb2afcc8e94

medium.com/websec/wordpress-sqli-poc-f1827c20bf8e

wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

www.debian.org/security/2017/dsa-3997