Description

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Remediation

References

CVE-2017-14720

Related Vulnerabilities

MySQL CVE-2018-3073 Vulnerability (CVE-2018-3073)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2)

Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)

Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2021-25329)

WordPress Plugin Catch Themes Demo Import Security Bypass (1.5)

Severity

Medium

Classification

CVE-2017-14720 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities