Description

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

Remediation

References

CVE-2017-14722

Related Vulnerabilities

Oracle Database Server SYS Account privilege issue (CVE-2021-2000)

osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-1991)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.11)

WordPress Plugin ListingPro SQL Injection (2.9.3)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9735)

Severity

High

Classification

CVE-2017-14722 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities