Skip to main content
CVE-2017-14627 HIGH POC THREAT Act Now

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Buffer Overflow RCE Labelprint
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
50.2%
Threat
4.6
CVE-2017-14719 HIGH PATCH Act Now

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 50.7%.

Path Traversal WordPress
NVD
CVSS 3.0
7.5
EPSS
50.7%
CVE-2017-14723 CRITICAL POC PATCH THREAT Act Now

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

WordPress SQLi
NVD GitHub
CVSS 3.0
9.8
EPSS
10.4%
CVE-2017-14722 HIGH PATCH Act Now

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.5%.

Path Traversal WordPress
NVD
CVSS 3.0
7.5
EPSS
30.5%
CVE-2017-14725 MEDIUM POC PATCH This Month

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Open Redirect WordPress PHP
NVD
CVSS 3.0
5.4
EPSS
4.2%
CVE-2017-14724 MEDIUM PATCH This Month

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD
CVSS 3.0
6.1
EPSS
7.7%
CVE-2017-14727 HIGH PATCH This Week

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Logger
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-14726 MEDIUM PATCH This Month

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD
CVSS 3.0
6.1
EPSS
5.8%
CVE-2017-14721 MEDIUM PATCH This Month

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2017-14720 MEDIUM PATCH This Month

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2017-14718 MEDIUM PATCH This Month

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD
CVSS 3.0
6.1
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy