Description

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

Remediation

References

CVE-2017-14723

Related Vulnerabilities

WordPress Plugin Watu Quiz Cross-Site Scripting (3.1.2.4)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4298)

IBM WebSEAL CVE-2018-1813 Vulnerability (CVE-2018-1813)

MySQL Out-of-bounds Write Vulnerability (CVE-2009-4484)

WordPress Plugin Easy Property Listings Unspecified Vulnerability (2.0)

Severity

Critical

Classification

CVE-2017-14723 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities