Critical severity 9.8 · NVD Advisory · Published Sep 23, 2017 · Updated Jun 17, 2026
CVE-2017-14723
Description
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Affected products (2)
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (range: <=4.8.1)
- (no CPE) (range: <4.8.2)
References (10)
- core.trac.wordpress.org/changeset/41470 (nvd: Patch, Vendor Advisory)
- core.trac.wordpress.org/changeset/41496 (nvd: Patch, Vendor Advisory)
- github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48 (nvd: Issue Tracking, Patch, Third Party Advisory)
- github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec (nvd: Issue Tracking, Patch, Third Party Advisory)
- wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ (nvd: Patch, Release Notes, Vendor Advisory)
- medium.com/websec/wordpress-sqli-bbb2afcc8e94 (nvd: Exploit, Mitigation, Third Party Advisory)
- medium.com/websec/wordpress-sqli-poc-f1827c20bf8e (nvd: Exploit, Third Party Advisory)
- www.securityfocus.com/bid/100912 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1039553 (nvd)
- www.debian.org/security/2017/dsa-3997 (nvd)