Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14725Open Redirect in Wordpress

CWE-601Open Redirect5 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
4.2%
top 11.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedSep 23
Latest updateMay 17

Description

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

debiandebian/wordpress< wordpress 4.8.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 4.8.2+dfsg-1+3

Patches

Patch: core.trac.wordpress.orgPatch: wpvulndb.comPatch: core.trac.wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-928v-37ff-2cvr: Before version 42022-05-17
OSV
CVE-2017-14725: Before version 42017-09-23

💥Exploits & PoCs

1
Nuclei
WordPress < 4.8.2 - Authenticated Open Redirect

📋Vendor Advisories

1
Debian
CVE-2017-14725: wordpress - Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp...2017
CVE-2017-14725 — Open Redirect in Debian Wordpress | cvebase