Description
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
References
- Third Party Advisory, VDB Entry
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
- Exploit, Third Party Advisory
- Patch, Release Notes, Vendor Advisory
Vulnerable configurations
EPSS
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Defects
Related vulnerabilities