Lucene search
GoogleOSV:CVE-2017-14723HistorySep 23, 2017 - 8:29 p.m.
CVE-2017-14723
2017-09-2320:29:00
Google
osv.dev
15
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
References
www.securityfocus.com/bid/100912
www.securitytracker.com/id/1039553
core.trac.wordpress.org/changeset/41470
core.trac.wordpress.org/changeset/41496
github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
medium.com/websec/wordpress-sqli-bbb2afcc8e94
medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
www.debian.org/security/2017/dsa-3997
Related
threatpost
threatpost
WordPress Delivers Second Patch For SQL Injection Bug
2017-11-01 14:35:18
attackerkb
attackerkb
CVE-2017-14723
2017-09-23 00:00:00
prion
prion
Sql injection
2017-09-23 20:29:00
Sql injection
2017-11-02 16:29:00
veracode
veracode
SQL Injection
2017-10-03 06:39:40
wpvulndb
wpvulndb
WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
2017-09-19 00:00:00
nvd
nvd
CVE-2017-14723
2017-09-23 20:29:00
CVE-2017-16510
2017-11-02 16:29:00
ubuntucve
ubuntucve
CVE-2017-14723
2017-09-23 00:00:00
CVE-2017-16510
2017-11-02 00:00:00
debiancve
debiancve
CVE-2017-14723
2017-09-23 20:29:00
CVE-2017-16510
2017-11-02 16:29:00
cve
cve
CVE-2017-14723
2017-09-23 20:29:00
CVE-2017-16510
2017-11-02 16:29:00
cvelist
cvelist
CVE-2017-14723
2017-09-23 20:00:00
CVE-2017-16510
2017-11-02 16:00:00
debian
debian
[SECURITY] [DLA 1160-1] wordpress security update
2017-11-04 20:06:14
[SECURITY] [DLA 1151-1] wordpress security update
2017-10-31 15:22:01
[SECURITY] [DSA 3997-1] wordpress security update
2017-10-11 11:51:21
osv
osv
CVE-2017-16510
2017-11-02 16:29:00
wordpress - security update
2017-10-31 00:00:00
wordpress - security update
2017-10-10 00:00:00
nessus
nessus
Debian DLA-1160-1 : wordpress security update
2017-11-06 00:00:00
WordPress < 4.8.3 Multiple Vulnerabilities
2017-11-02 00:00:00
WordPress < 4.8.2 Multiple Vulnerabilities
2017-09-20 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1160-1)
2023-03-08 00:00:00
WordPress < 4.8.2 Multiple Vulnerabilities - Windows
2017-09-21 00:00:00
Debian: Security Advisory (DLA-1151-1)
2018-02-06 00:00:00