Lucene search

K

GoogleOSV:CVE-2017-16510

HistoryNov 02, 2017 - 4:29 p.m.

CVE-2017-16510

2017-11-0216:29:00

Google

osv.dev

17

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

73.3%

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a “double prepare” approach, a different vulnerability than CVE-2017-14723.

References

www.securityfocus.com/bid/101638

blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

codex.wordpress.org/Version_4.8.3

github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d

lists.debian.org/debian-lts-announce/2017/11/msg00003.html

wordpress.org/news/2017/10/wordpress-4-8-3-security-release/

wpvulndb.com/vulnerabilities/8941

www.debian.org/security/2018/dsa-4090

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

73.3%

Related for OSV:CVE-2017-16510

ubuntucve2 prion2 cvelist2 nvd3 debian5 debiancve2 nessus5 openvas8 cve3 threatpost1 attackerkb1 osv5 veracode2 wpvulndb2