CVE-2017-14719 — Path Traversal in Wordpress

Severity

7.5HIGHNVD

EPSS

50.7%

top 2.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 23

Latest updateMay 17

Description

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

▶debiandebian/wordpress< wordpress 4.8.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.8.2+dfsg-1+3

▶NVDwordpress/wordpress202 versions+201

GHSA

GHSA-8rmg-wmq4-q93v: Before version 4↗2022-05-17

▶

OSV

CVE-2017-14719: Before version 4↗2017-09-23

▶

Debian

CVE-2017-14719: wordpress - Before version 4.8.2, WordPress was vulnerable to a directory traversal attack d...↗2017

▶