CVE-2017-14725
CVE-2017-14725
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 2.1%KEV nãoPoC —Nuclei simMetasploit —Patch referenciado
Lifecycle
23 Sep 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Affected products
n/a · n/aReferences
https://core.trac.wordpress.org/changeset/41398https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/https://wpvulndb.com/vulnerabilities/8910https://www.debian.org/security/2017/dsa-3997http://www.securityfocus.com/bid/100912http://www.securitytracker.com/id/1039553