Description

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Remediation

References

CVE-2017-14720

Related Vulnerabilities

WordPress Plugin Good LMS-Learning Management System SQL Injection (2.1.4)

SeoPanel Cross-site Scripting (XSS) Vulnerability (CVE-2020-35930)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Security Bypass (13.1.0.6)

WordPress Plugin One User Avatar-User Profile Picture Multiple Vulnerabilities (2.3.6)

WordPress Plugin WP User Frontend-Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Arbitrary File Upload (2.3.10)

Severity

Medium

Classification

CVE-2017-14720 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities