Description

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

Remediation

References

CVE-2017-14719

Related Vulnerabilities

Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27492)

WordPress Plugin WP Editor.md Cross-Site Scripting (10.0.1)

WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Cross-Site Request Forgery (3.4.31)

WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-5897)

Severity

High

Classification

CVE-2017-14719 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities