CVE-2017-1000600 — Vulnetix

CVE-2017-1000600 PUBLISHED

WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9

EPSS 19.82% · 95.6th percentile

Risk Scores

EPSS Score

19.82%

95.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	wordpress	0, 4.3+dfsg-1, 4.3.1+dfsg-1

Exploit Intelligence

https://youtu.be/GePBmsNJw6Y?t=1763 (circl)
https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/ (circl)
105305 (circl)

Timeline

Sep 6, 2018 CVE Published
Apr 14, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Jan 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 13, 2023 EPSS Score
Sep 15, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-1000600 third-party-advisory
https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/ third-party-advisory
https://youtu.be/GePBmsNJw6Y?t=1763 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-1000600 third-party-advisory

Open in Interactive Console →