Description

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

Remediation

References

CVE-2017-14722

Related Vulnerabilities

Oracle Database Server CVE-2009-3410 Vulnerability (CVE-2009-3410)

WordPress Plugin Events Search For The Events Calendar Security Bypass (1.1.3)

WordPress Plugin Poll, Survey, Questionnaire and Voting system SQL Injection (1.5.2)

MySQL CVE-2022-21355 Vulnerability (CVE-2022-21355)

PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability

Severity

High

Classification

CVE-2017-14722 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities