CVE-2017-14723

WordPress Core < 4.8.2 - SQL Injection via Mishandled Placeholders

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

Antes de la versión 4.8.2, WordPress no gestionaba correctamente caracteres % y valores de sustitución adicionales en $wpdb->prepare, por lo que no abordaba correctamente la posibilidad de que los plugins o los temas permitiesen los ataques de inyección SQL.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks. For the oldstable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u15. For the stable distribution (stretch), these problems have been fixed in version 4.7.5+dfsg-2+deb9u1. For the testing distribution (buster), these problems have been fixed in version 4.8.2+dfsg-2. For the unstable distribution (sid), these problems have been fixed in version 4.8.2+dfsg-2.

*Credits: Slavco Mihajloski

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-09-19 CVE Published
2017-09-23 CVE Reserved
2024-08-05 CVE Updated
2024-08-05 First Exploit
2025-08-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (10)

URL	Tag	Source
http://www.securityfocus.com/bid/100912	Third Party Advisory
http://www.securitytracker.com/id/1039553	Vdb Entry

URL	Date	SRC
https://medium.com/websec/wordpress-sqli-bbb2afcc8e94	2024-08-05
https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e	2024-08-05

URL	Date	SRC
https://core.trac.wordpress.org/changeset/41470	2017-11-10
https://core.trac.wordpress.org/changeset/41496	2017-11-10
https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48	2017-11-10
https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec	2017-11-10
https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release	2017-11-10

URL	Date	SRC
https://www.debian.org/security/2017/dsa-3997	2017-11-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				<= 4.8.1 Search vendor "Wordpress" for product "Wordpress" and version " <= 4.8.1"		-		Affected