CVE-2017-14725
CVE-2017-14725
Vexday Risk Score
18Baixo
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
Maturidade do exploit
Exploit funcional
Exploit automatizável disponível (Nuclei/Metasploit).
CVSS —EPSS 2.1%KEV nãoPoC —Nuclei simMetasploit —Patch referenciado
Ciclo de vida
23 set 2017Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Produtos afetados
n/a · n/aReferências
https://core.trac.wordpress.org/changeset/41398https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/https://wpvulndb.com/vulnerabilities/8910https://www.debian.org/security/2017/dsa-3997http://www.securityfocus.com/bid/100912http://www.securitytracker.com/id/1039553