Description

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.

Remediation

References

CVE-2017-14726

Related Vulnerabilities

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-3110)

WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-0738)

WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.24.0)

WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8)

Severity

Medium

Classification

CVE-2017-14726 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities