Vulnerability Details : CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Vulnerability category: Directory traversal
Products affected by CVE-2017-14719
- cpe:2.3:a:wordpress:wordpress:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.20:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.22:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.21:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.22:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.21:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.20:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.5:*:*:*:*:*:*:*
Threat overview for CVE-2017-14719
Top countries where our scanners detected CVE-2017-14719
Top open port discovered on systems with this issue
80
IPs affected by CVE-2017-14719 78
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2017-14719!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-14719
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-14719
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-14719
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-14719
-
http://www.securityfocus.com/bid/100912
WordPress Prior to 4.8.2 Multiple Input Validation Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
News – WordPress 4.8.2 Security and Maintenance Release – WordPress.orgRelease Notes;Patch;Vendor Advisory
-
https://www.debian.org/security/2017/dsa-3997
Debian -- Security Information -- DSA-3997-1 wordpress
-
http://www.securitytracker.com/id/1039553
WordPress Multiple Bugs Let Remote Users Conduct Cross-Site Scripting, SQL Injection, and Open Redirect Attacks - SecurityTracker
-
https://core.trac.wordpress.org/changeset/41457
Changeset 41457 – WordPress TracPatch;Vendor Advisory
-
https://wpvulndb.com/vulnerabilities/8911
WordPress 3.0-4.8.1 - Path Traversal in UnzippingThird Party Advisory
Jump to