WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Get started
WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Get started
WordPress Vulnerabilities
WordPress 3.5-4.7.1 - WP_Query SQL Injection
Affects WordPress
3.8.1
Fixed in version 3.8.18
3.8
Fixed in version 3.8.18
3.7.1
Fixed in version 3.7.18
3.6
Fixed in version 4.7.2
3.5.2
Fixed in version 4.7.2
3.5.1
Fixed in version 4.7.2
3.5
Fixed in version 4.7.2
3.6.1
Fixed in version 4.7.2
3.9
Fixed in version 3.9.16
3.9.1
Fixed in version 3.9.16
Show more
References
CVE
CVE-2017-5611
URL
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
URL
https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
Classification
Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
481e3398-ed2e-460a-af67-ff58027901d1
Timeline
Publicly Published
2017-01-26
(about 6 years ago)
Added
2017-01-26
(about 6 years ago)
Last Updated
2020-09-22
(about 2 years ago)
Our Other Services
WPScan WordPress Security Plugin