CVE-2017-9061 — Vulnetix

CVE-2017-9061 PUBLISHED

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

EPSS 3.31% · 87.5th percentile

Risk Scores

EPSS Score

3.31%

87.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	wordpress	0, ,

Exploit Intelligence

1038520 (circl)
https://wordpress.org/news/2017/05/wordpress-4-7-5/ (circl)
DSA-3870 (circl)
https://wpvulndb.com/vulnerabilities/8819 (circl)
98509 (circl)
https://codex.wordpress.org/Version_4.7.5 (circl)
https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6 (circl)

Timeline

May 18, 2017 CVE Published
Apr 14, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Feb 4, 2022 EPSS Score
May 2, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Mar 7, 2023 EPSS Score
May 13, 2023 EPSS Score
Sep 15, 2023 EPSS Score
Nov 17, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-9061 third-party-advisory
https://wordpress.org/news/2017/05/wordpress-4-7-5/ third-party-advisory
https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6 third-party-advisory
https://codex.wordpress.org/Version_4.7.5 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-9061 third-party-advisory

Open in Interactive Console →