Description

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.

Remediation

References

CVE-2017-14721

Related Vulnerabilities

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More SQL Injection (16.26.5)

WordPress Plugin Ultimate Instagram Feed Unspecified Vulnerability (1.3)

WordPress Plugin PayPal Shopping Cart Multiple Vulnerabilities (1.1.9)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3659)

Oracle Application Server CVE-2008-7235 Vulnerability (CVE-2008-7235)

Severity

Medium

Classification

CVE-2017-14721 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities