Skip to main content
CVE-2017-14723 CRITICAL POC PATCH THREAT Act Now

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

WordPress SQLi
NVD GitHub
CVSS 3.0
9.8
EPSS
10.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy