WordPress Vulnerabilities

WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload

Affects WordPress

3.8.1
Fixed in WordPress 3.8.24
3.8
Fixed in WordPress 3.8.24
3.7.1
Fixed in WordPress 3.7.24
3.6
Fixed in WordPress 4.9.1
3.5.2
Fixed in WordPress 4.9.1
3.5.1
Fixed in WordPress 4.9.1
3.5
Fixed in WordPress 4.9.1
3.4.2
Fixed in WordPress 4.9.1
3.4.1
Fixed in WordPress 4.9.1
3.4
Fixed in WordPress 4.9.1
3.3.3
Fixed in WordPress 4.9.1
3.3.2
Fixed in WordPress 4.9.1
3.3.1
Fixed in WordPress 4.9.1
3.3
Fixed in WordPress 4.9.1
3.2.1
Fixed in WordPress 4.9.1
3.2
Fixed in WordPress 4.9.1
3.1.4
Fixed in WordPress 4.9.1
3.1.3
Fixed in WordPress 4.9.1
3.1.2
Fixed in WordPress 4.9.1
3.1.1
Fixed in WordPress 4.9.1
3.1
Fixed in WordPress 4.9.1
3.0.6
Fixed in WordPress 4.9.1
3.0.5
Fixed in WordPress 4.9.1
3.0.4
Fixed in WordPress 4.9.1
3.0.3
Fixed in WordPress 4.9.1
3.0.2
Fixed in WordPress 4.9.1
3.0.1
Fixed in WordPress 4.9.1
3.0
Fixed in WordPress 4.9.1
2.9.2
Fixed in WordPress 4.9.1
2.9.1
Fixed in WordPress 4.9.1
2.9
Fixed in WordPress 4.9.1
2.8.6
Fixed in WordPress 4.9.1
3.6.1
Fixed in WordPress 4.9.1
3.9
Fixed in WordPress 3.9.22
3.9.1
Fixed in WordPress 3.9.22
3.7
Fixed in WordPress 3.7.24
3.8.2
Fixed in WordPress 3.8.24
3.8.3
Fixed in WordPress 3.8.24
3.9.2
Fixed in WordPress 3.9.22
4.0
Fixed in WordPress 4.0.21
4.1
Fixed in WordPress 4.1.21
4.1.1
Fixed in WordPress 4.1.21
4.2
Fixed in WordPress 4.2.18
3.9.3
Fixed in WordPress 3.9.22
4.1.2
Fixed in WordPress 4.1.21
4.2.1
Fixed in WordPress 4.2.18
4.0.1
Fixed in WordPress 4.0.21
4.1.5
Fixed in WordPress 4.1.21
4.1.4
Fixed in WordPress 4.1.21
4.1.3
Fixed in WordPress 4.1.21
3.8.4
Fixed in WordPress 3.8.24
3.7.4
Fixed in WordPress 3.7.24
4.2.3
Fixed in WordPress 4.2.18
3.8.8
Fixed in WordPress 3.8.24
3.8.5
Fixed in WordPress 3.8.24
3.8.6
Fixed in WordPress 3.8.24
3.8.7
Fixed in WordPress 3.8.24
3.7.2
Fixed in WordPress 3.7.24
3.7.3
Fixed in WordPress 3.7.24
3.7.5
Fixed in WordPress 3.7.24
3.7.6
Fixed in WordPress 3.7.24
3.7.7
Fixed in WordPress 3.7.24
3.7.8
Fixed in WordPress 3.7.24
3.7.9
Fixed in WordPress 3.7.24
3.8.9
Fixed in WordPress 3.8.24
3.9.4
Fixed in WordPress 3.9.22
3.9.5
Fixed in WordPress 3.9.22
3.9.6
Fixed in WordPress 3.9.22
3.9.7
Fixed in WordPress 3.9.22
4.0.2
Fixed in WordPress 4.0.21
4.0.3
Fixed in WordPress 4.0.21
4.0.4
Fixed in WordPress 4.0.21
4.0.5
Fixed in WordPress 4.0.21
4.0.6
Fixed in WordPress 4.0.21
4.1.6
Fixed in WordPress 4.1.21
4.2.2
Fixed in WordPress 4.2.18
4.2.4
Fixed in WordPress 4.2.18
4.1.7
Fixed in WordPress 4.1.21
4.0.7
Fixed in WordPress 4.0.21
3.9.8
Fixed in WordPress 3.9.22
3.8.10
Fixed in WordPress 3.8.24
3.7.10
Fixed in WordPress 3.7.24
4.3
Fixed in WordPress 4.3.14
4.3.1
Fixed in WordPress 4.3.14
4.2.5
Fixed in WordPress 4.2.18
4.1.8
Fixed in WordPress 4.1.21
4.0.8
Fixed in WordPress 4.0.21
3.9.9
Fixed in WordPress 3.9.22
3.8.11
Fixed in WordPress 3.8.24
3.7.11
Fixed in WordPress 3.7.24
4.4
Fixed in WordPress 4.4.13
3.7.12
Fixed in WordPress 3.7.24
3.8.12
Fixed in WordPress 3.8.24
3.9.10
Fixed in WordPress 3.9.22
4.0.9
Fixed in WordPress 4.0.21
4.1.9
Fixed in WordPress 4.1.21
4.2.6
Fixed in WordPress 4.2.18
4.3.2
Fixed in WordPress 4.3.14
4.4.1
Fixed in WordPress 4.4.13
4.4.2
Fixed in WordPress 4.4.13
4.3.3
Fixed in WordPress 4.3.14
4.2.7
Fixed in WordPress 4.2.18
4.1.10
Fixed in WordPress 4.1.21
4.0.10
Fixed in WordPress 4.0.21
3.9.11
Fixed in WordPress 3.9.22
3.8.13
Fixed in WordPress 3.8.24
3.7.13
Fixed in WordPress 3.7.24
4.5
Fixed in WordPress 4.5.12
4.5.1
Fixed in WordPress 4.5.12
3.7.14
Fixed in WordPress 3.7.24
3.8.14
Fixed in WordPress 3.8.24
3.9.12
Fixed in WordPress 3.9.22
4.0.11
Fixed in WordPress 4.0.21
4.1.11
Fixed in WordPress 4.1.21
4.2.8
Fixed in WordPress 4.2.18
4.3.4
Fixed in WordPress 4.3.14
4.4.3
Fixed in WordPress 4.4.13
4.5.2
Fixed in WordPress 4.5.12
4.5.3
Fixed in WordPress 4.5.12
3.7.15
Fixed in WordPress 3.7.24
3.8.15
Fixed in WordPress 3.8.24
3.9.13
Fixed in WordPress 3.9.22
4.0.12
Fixed in WordPress 4.0.21
4.1.12
Fixed in WordPress 4.1.21
4.2.9
Fixed in WordPress 4.2.18
4.3.5
Fixed in WordPress 4.3.14
4.4.4
Fixed in WordPress 4.4.13
4.6
Fixed in WordPress 4.6.9
3.7.16
Fixed in WordPress 3.7.24
3.8.16
Fixed in WordPress 3.8.24
3.9.14
Fixed in WordPress 3.9.22
4.0.13
Fixed in WordPress 4.0.21
4.1.13
Fixed in WordPress 4.1.21
4.2.10
Fixed in WordPress 4.2.18
4.3.6
Fixed in WordPress 4.3.14
4.4.5
Fixed in WordPress 4.4.13
4.5.4
Fixed in WordPress 4.5.12
4.6.1
Fixed in WordPress 4.6.9
4.7
Fixed in WordPress 4.7.8
3.7.17
Fixed in WordPress 3.7.24
3.8.17
Fixed in WordPress 3.8.24
3.9.15
Fixed in WordPress 3.9.22
4.0.14
Fixed in WordPress 4.0.21
4.1.14
Fixed in WordPress 4.1.21
4.2.11
Fixed in WordPress 4.2.18
4.3.7
Fixed in WordPress 4.3.14
4.4.6
Fixed in WordPress 4.4.13
4.5.5
Fixed in WordPress 4.5.12
4.7.1
Fixed in WordPress 4.7.8
4.6.2
Fixed in WordPress 4.6.9
3.7.18
Fixed in WordPress 3.7.24
3.8.18
Fixed in WordPress 3.8.24
3.9.16
Fixed in WordPress 3.9.22
4.0.15
Fixed in WordPress 4.0.21
4.1.15
Fixed in WordPress 4.1.21
4.2.12
Fixed in WordPress 4.2.18
4.3.8
Fixed in WordPress 4.3.14
4.4.7
Fixed in WordPress 4.4.13
4.5.6
Fixed in WordPress 4.5.12
4.6.3
Fixed in WordPress 4.6.9
4.7.2
Fixed in WordPress 4.7.8
3.7.19
Fixed in WordPress 3.7.24
3.8.19
Fixed in WordPress 3.8.24
3.9.17
Fixed in WordPress 3.9.22
4.0.16
Fixed in WordPress 4.0.21
4.1.16
Fixed in WordPress 4.1.21
4.2.13
Fixed in WordPress 4.2.18
4.3.9
Fixed in WordPress 4.3.14
4.4.8
Fixed in WordPress 4.4.13
4.5.7
Fixed in WordPress 4.5.12
4.6.4
Fixed in WordPress 4.6.9
4.7.3
Fixed in WordPress 4.7.8
3.7.20
Fixed in WordPress 3.7.24
3.8.20
Fixed in WordPress 3.8.24
3.9.18
Fixed in WordPress 3.9.22
4.0.17
Fixed in WordPress 4.0.21
4.1.17
Fixed in WordPress 4.1.21
4.2.14
Fixed in WordPress 4.2.18
4.3.10
Fixed in WordPress 4.3.14
4.4.9
Fixed in WordPress 4.4.13
4.5.8
Fixed in WordPress 4.5.12
4.6.5
Fixed in WordPress 4.6.9
4.7.4
Fixed in WordPress 4.7.8
4.7.5
Fixed in WordPress 4.7.8
3.7.21
Fixed in WordPress 3.7.24
3.8.21
Fixed in WordPress 3.8.24
3.9.19
Fixed in WordPress 3.9.22
4.0.18
Fixed in WordPress 4.0.21
4.1.18
Fixed in WordPress 4.1.21
4.2.15
Fixed in WordPress 4.2.18
4.3.11
Fixed in WordPress 4.3.14
4.4.10
Fixed in WordPress 4.4.13
4.5.9
Fixed in WordPress 4.5.12
4.6.6
Fixed in WordPress 4.6.9
4.8
Fixed in WordPress 4.8.4
4.8.1
Fixed in WordPress 4.8.4
3.7.22
Fixed in WordPress 3.7.24
3.8.22
Fixed in WordPress 3.8.24
3.9.20
Fixed in WordPress 3.9.22
4.0.19
Fixed in WordPress 4.0.21
4.1.19
Fixed in WordPress 4.1.21
4.2.16
Fixed in WordPress 4.2.18
4.3.12
Fixed in WordPress 4.3.14
4.4.11
Fixed in WordPress 4.4.13
4.5.10
Fixed in WordPress 4.5.12
4.6.7
Fixed in WordPress 4.6.9
4.7.6
Fixed in WordPress 4.7.8
4.8.2
Fixed in WordPress 4.8.4
4.8.3
Fixed in WordPress 4.8.4
3.7.23
Fixed in WordPress 3.7.24
3.8.23
Fixed in WordPress 3.8.24
3.9.21
Fixed in WordPress 3.9.22
4.0.20
Fixed in WordPress 4.0.21
4.1.20
Fixed in WordPress 4.1.21
4.2.17
Fixed in WordPress 4.2.18
4.3.13
Fixed in WordPress 4.3.14
4.4.12
Fixed in WordPress 4.4.13
4.5.11
Fixed in WordPress 4.5.12
4.6.8
Fixed in WordPress 4.6.9
4.7.7
Fixed in WordPress 4.7.8
4.9
Fixed in WordPress 4.9.1

References

CVE
CVE-2017-17092
URL
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
URL
https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0d2323bd-aecd-4d58-ba4b-597a43034f57

Timeline

Publicly Published
2017-11-29 (about 8 years ago)
Added
2017-11-30 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2017-05-16
Title
WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
Published
2025-11-03
Title
WP 2FA < 3.0.0 - Second Factor Bypass
Published
2019-10-14
Title
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
Published
2022-11-21
Title
All In One WP Security & Firewall < 5.0.8 - IP Spoofing
Published
2020-12-14
Title
Limit Login Attempts Reloaded < 2.17.4 - Login Rate Limiting Bypass