Description

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Remediation

References

CVE-2017-14720

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2010-3840)

WordPress Plugin Auto ThickBox Plus Cross-Site Scripting (1.9)

WordPress Plugin WP Poll Maker-Best WordPress Poll for Voting Contest Arbitrary File Upload (3.4)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943)

WordPress Plugin WP Shop Multiple Vulnerabilities (3.4.3.18)

Severity

Medium

Classification

CVE-2017-14720 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities