High severity7.5NVD Advisory· Published Sep 23, 2017· Updated May 13, 2026

CVE-2017-14719

Description

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

Affected products

202

WordPress/WordPress202 versions
cpe:2.3:a:wordpress:wordpress:3.0:*:*:*:*:*:*:*+ 201 more
- cpe:2.3:a:wordpress:wordpress:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.20:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.21:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.22:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.20:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.21:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.22:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:3.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:4.8.1:*:*:*:*:*:*:*
Package: https://wordpress.org/plugins/wordpress

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

core.trac.wordpress.org/changeset/41457nvdPatchVendor Advisory
wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/nvdPatchRelease NotesVendor Advisory
www.securityfocus.com/bid/100912nvdThird Party AdvisoryVDB Entry
wpvulndb.com/vulnerabilities/8911nvdThird Party Advisory
www.securitytracker.com/id/1039553nvd
www.debian.org/security/2017/dsa-3997nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.041
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000