CVE-2017-14723

Published: Sep 23, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-3997

vendor-advisory

x_refsource_DEBIAN

https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e

x_refsource_MISC

100912

vdb-entry

x_refsource_BID

1039553

vdb-entry

x_refsource_SECTRACK

https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec

x_refsource_MISC

https://core.trac.wordpress.org/changeset/41470

x_refsource_MISC

https://core.trac.wordpress.org/changeset/41496

x_refsource_MISC

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

x_refsource_MISC

https://medium.com/websec/wordpress-sqli-bbb2afcc8e94

x_refsource_MISC

https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-14723

Description

Affected Products

References