CVE-2017-14725
Published 2017-09-23
Priority P4 (30) · medium · CVSS 3.0 base score 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 2.13% (79.7th percentile)
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 4.8.2+dfsg-1 (bookworm) | wordpress 4.8.2+dfsg-1 (bookworm) |
| wordpress | wordpress | <= 4.8.1 | — |
| wordpress | wordpress | >= 0 < 4.8.2+dfsg-1 | 4.8.2+dfsg-1 |
| wordpress | wordpress | >= 0 < 4.8.2+dfsg-1 | 4.8.2+dfsg-1 |
| wordpress | wordpress | >= 0 < 4.8.2+dfsg-1 | 4.8.2+dfsg-1 |
| wordpress | wordpress | >= 0 < 4.8.2+dfsg-1 | 4.8.2+dfsg-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| osv | — | 5.4 | MEDIUM | — |
| vendor_debian | — | 5.4 | MEDIUM | — |
Debian
vendor_debian · 2017 · CVSS 5.4 (MEDIUM)
CVE-2017-14725: wordpress - Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Scope: local
bookworm: resolved (fixed in 4.8.2+dfsg-1)
bullseye: resolved (fixed in 4.8.2+dfsg-1)
forky: resolved (fixed in 4.8.2+dfsg-1)
sid: resolved (fixed in 4.8.2+dfsg-1)
trixie: resolved (fixed in 4.8.2+dfsg-1)
GHSA
GHSA-928v-37ff-2cvr · ghsa_unreviewed · 2022-05-17 · CWE-601 · MEDIUM
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
OSV
CVE-2017-14725 · osv · 2017-09-23 · CVSS 5.4 (MEDIUM)
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
No detection rules found.
Nuclei
WordPress < 4.8.2 - Authenticated Open Redirect
nuclei · CVSS 5.4 (MEDIUM)
WordPress versions before 4.8.2 contain an open redirect caused by improper validation of the redirect target in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting an attacker send users to an external site. The template treats the issue as authenticated: exploitation needs a low-privileged account plus a victim who follows the crafted link, which is what the NVD vector's PR:L and UI:R record.
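The page indexes no detection rule for this CVE, and the description above only names the bug class. The block below is an added example written for this page; it is not WordPress core code, not the 4.8.2 fix, and not the Nuclei template. It shows the check that closes an open redirect of this kind (a host allow-list of the sort WordPress's wp_validate_redirect() and wp_safe_redirect() apply) and a small access-log scanner that flags requests to the two affected scripts whose redirect target points off-site. It goes beyond the page in one respect: the validator also handles the lenient browser URL parsing that defeats naive checks (backslashes, runs of slashes after the scheme, userinfo before the real host, tabs and CR/LF). Everything not in the advisory is an assumption chosen for illustration: the site host blog.example, the parameter name wp_http_referer, combined-format log lines, and the constructed sample traffic.

```python
"""Stand-alone redirect-target validator and access-log scanner for this
CVE's bug class.  Added example, not WordPress core code and not the Nuclei
template.  The host allow-list mirrors the kind of check WordPress's
wp_validate_redirect() / wp_safe_redirect() perform; the bypass handling
(backslashes, slash runs, userinfo, control characters) follows browser
URL parsing.  Assumed for illustration: site host "blog.example", redirect
parameter name "wp_http_referer", combined-format log lines."""
import re
from urllib.parse import parse_qs, urlsplit

ALLOWED_HOSTS = {"blog.example"}                      # assumption: the site's own host
SAFE_DEFAULT = "/wp-admin/"                           # landing page for rejected targets
AFFECTED_SCRIPTS = ("/wp-admin/edit-tag-form.php", "/wp-admin/user-edit.php")
REDIRECT_PARAM = "wp_http_referer"                    # assumption: parameter name

_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.S)
_C0_AND_SPACE = "".join(map(chr, range(0x21)))


def browser_target_host(location):
    """Host a browser would navigate to, following the WHATWG parser's
    lenient rules.  None means a same-origin relative path.  Raises
    ValueError for targets that are never an acceptable HTTP(S) redirect."""
    if "\r" in location or "\n" in location:
        raise ValueError("CR/LF in redirect target")   # response-header injection
    loc = location.strip(_C0_AND_SPACE).replace("\t", "")
    loc = loc.replace("\\", "/")                      # browsers treat '\' as '/'
    m = _SCHEME_RE.match(loc)
    if m:
        scheme, rest = m.group(1).lower(), m.group(2)
        if scheme not in ("http", "https"):
            raise ValueError("scheme %r not allowed" % scheme)
        # After "http:" a browser skips any run of slashes, so "http:evil",
        # "http:/evil" and "http:///evil" can all reach host "evil".
        rest = "//" + rest.lstrip("/")
    elif loc.startswith("//"):
        rest = "//" + loc.lstrip("/")                 # "///evil" also means host "evil"
    else:
        return None                                   # plain path: stays on this site
    host = urlsplit(rest).hostname                    # strips userinfo and port, lowercases
    if not host:
        raise ValueError("empty host")
    return host


def off_site_host(location, allowed_hosts=ALLOWED_HOSTS):
    """Return the foreign host `location` would reach ("<invalid>" for
    unparsable or non-HTTP targets), or None if it stays on an allowed host."""
    try:
        host = browser_target_host(location)
    except ValueError:
        return "<invalid>"
    if host is not None and host not in allowed_hosts:
        return host
    return None


def validate_redirect(location, default=SAFE_DEFAULT, allowed_hosts=ALLOWED_HOSTS):
    """Hardened form of the vulnerable pattern: the user-supplied target is
    only honoured when it stays on an allowed host, otherwise `default`."""
    return default if off_site_host(location, allowed_hosts) else location


_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def find_open_redirect_attempts(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Flag requests to the two affected admin scripts whose redirect
    parameter would send the user off-site.  Returns (ip, user, host) tuples."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path not in AFFECTED_SCRIPTS:
            continue
        for value in parse_qs(url.query).get(REDIRECT_PARAM, []):
            host = off_site_host(value, allowed_hosts)
            if host:
                hits.append((m.group("ip"), m.group("user"), host))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - editor [23/Sep/2017:10:01:02 +0000] "GET /wp-admin/edit-tag-form.php?taxonomy=category&tag_ID=3&wp_http_referer=%2F%2Fevil.example%2Fphish HTTP/1.1" 302 0
198.51.100.9 - editor [23/Sep/2017:10:02:15 +0000] "GET /wp-admin/user-edit.php?user_id=2&wp_http_referer=https%3A%2F%2Fblog.example%2Fwp-admin%2Fusers.php HTTP/1.1" 200 8123
203.0.113.7 - editor [23/Sep/2017:10:03:40 +0000] "GET /wp-admin/user-edit.php?user_id=2&wp_http_referer=https%3A%2F%2Fblog.example%40evil.example%2F HTTP/1.1" 302 0
192.0.2.5 - admin [23/Sep/2017:10:04:00 +0000] "GET /wp-admin/edit-tag-form.php?taxonomy=post_tag&tag_ID=9&wp_http_referer=%2Fwp-admin%2Fedit-tags.php%3Ftaxonomy%3Dpost_tag HTTP/1.1" 200 9001
192.0.2.5 - admin [23/Sep/2017:10:05:00 +0000] "GET /wp-admin/edit.php?wp_http_referer=%2F%2Fevil.example HTTP/1.1" 200 9001
""".splitlines()

if __name__ == "__main__":
    for ip, user, host in find_open_redirect_attempts(SAMPLE_LOG):
        print("off-site redirect target %s from %s (user %s)" % (host, ip, user))
```

Two design points matter in practice. The validator decides on the host a browser would actually reach, not on the string the server parsed: a check that only rejects targets beginning with "http" lets "//evil.example", "/\evil.example" and "https://blog.example@evil.example/" through, all of which the block sends to the safe default. The scanner only looks at the two scripts the advisory names, so the last sample line (the same payload against edit.php) is deliberately not flagged; widen AFFECTED_SCRIPTS if your own audit finds other sinks.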
Template:
id: CVE-2017-14725
info:
  name: WordPress < 4.8.2 - Authenticated Open Redirect
  author: 0x_Akoko
  severity: medium
  description: |
    WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface.
  impact: |
    Attackers can redirect authenticated users to malicious sites, potentially leading to phishing or malware distributi
No writeups or analysis indexed.
References
http://www.securityfocus.com/bid/100912
http://www.securitytracker.com/id/1039553
https://core.trac.wordpress.org/changeset/41398
https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/8910
https://www.debian.org/security/2017/dsa-3997