Description
In WordPress before version 4.8.2, $wpdb->prepare mishandled % characters and additional placeholder values, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Remediation
References