WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection

Affects WordPresses

3.8.1

Fixed in version 3.8.22✓

3.8

Fixed in version 3.8.22✓

3.7.1

Fixed in version 3.7.22✓

3.6

Fixed in version 4.8.2✓

3.5.2

Fixed in version 4.8.2✓

3.5.1

Fixed in version 4.8.2✓

3.5

Fixed in version 4.8.2✓

3.4.2

Fixed in version 4.8.2✓

3.4.1

Fixed in version 4.8.2✓

3.4

Fixed in version 4.8.2✓

References

CVE

CVE-2017-14723

URL

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

URL

https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48

URL

https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

9b3414c0-b33b-4c55-adff-718ff4c3195d

Timeline

Publicly Published

2017-09-19 (about 3 years ago)

Added

2017-09-20 (about 3 years ago)

Last Updated

2020-09-22 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin