WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF

Affects WordPresses

3.8.1

Fixed in version 3.8.21✓

3.8

Fixed in version 3.8.21✓

3.7.1

Fixed in version 3.7.21✓

3.6

Fixed in version 4.7.5✓

3.5.2

Fixed in version 4.7.5✓

3.5.1

Fixed in version 4.7.5✓

3.5

Fixed in version 4.7.5✓

3.4.2

Fixed in version 4.7.5✓

3.4.1

Fixed in version 4.7.5✓

3.4

Fixed in version 4.7.5✓

References

CVE

CVE-2017-9063

URL

https://wordpress.org/news/2017/05/wordpress-4-7-5/

URL

https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

e9535a5c-c6dc-4742-be40-1b94a718d3f3

Timeline

Publicly Published

2017-05-16 (about 4 years ago)

Added

2017-05-17 (about 4 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin