vulnerability
FreeBSD: VID-a48d4478-e23f-4085-8ae4-6b3a7b6f016b (CVE-2017-14721): wordpress -- multiple issues
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 29, 2017 | Sep 29, 2017 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Sep 29, 2017
Added
Sep 29, 2017
Modified
Dec 10, 2025
Description
wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
Solution
freebsd-upgrade-package-wordpress
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.