Description

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.

Remediation

References

CVE-2017-14721

Related Vulnerabilities

WordPress Plugin Media Library Assistant SQL Injection (2.84)

WordPress Plugin Child Theme Creator by Orbisius Arbitrary File Modification (1.2.6)

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3967)

WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.7)

WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9)

Severity

Medium

Classification

CVE-2017-14721 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities