WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping

Affects WordPresses

3.8.1

Fixed in version 3.8.24✓

3.8

Fixed in version 3.8.24✓

3.7.1

Fixed in version 3.7.24✓

3.6

Fixed in version 4.9.1✓

3.5.2

Fixed in version 4.9.1✓

3.5.1

Fixed in version 4.9.1✓

3.5

Fixed in version 4.9.1✓

3.4.2

Fixed in version 4.9.1✓

3.4.1

Fixed in version 4.9.1✓

3.4

Fixed in version 4.9.1✓

References

CVE

CVE-2017-17094

URL

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

URL

https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

1f71a775-e87e-47e9-9642-bf4bce99c332

Timeline

Publicly Published

2017-11-29 (about 3 years ago)

Added

2017-11-30 (about 3 years ago)

Last Updated

2020-09-22 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin