CVE-2017-16510

UNKNOWN

Published 2017-11-02T16:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-16510. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

WordPress Vulnerability

Identified and analyzed by Wordfence

Software Type

Core

Patch Status

Patched

Published

October 31, 2017

Software Details

Software Name

WordPress

Software Slug

wordpress

Affected Versions

[*, 3.7) 4.6 - 4.6.7 4.7 - 4.7.6 4.8 - 4.8.2 3.7 - 3.7.22 3.8 - 3.8.22 3.9 - 3.9.20 4.0 - 4.0.19 4.1 - 4.1.19 4.2 - 4.2.16 4.3 - 4.3.12 4.4 - 4.4.11 4.5 - 4.5.10

Patched Versions

3.7.23 3.8.23 3.9.21 4.0.20 4.1.20 4.2.17 4.3.13 4.4.12 4.5.11 4.6.8 4.7.7 4.8.3

Remediation

Update to one of the following versions, or a newer patched version: 3.7.23, 3.8.23, 3.9.21, 4.0.20, 4.1.20, 4.2.17, 4.3.13, 4.4.12, 4.5.11, 4.6.8, 4.7.7, 4.8.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6182e8-ba5c-4873-aa18-45a79191c8c5?source=api-prod

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-4cxp-jjp3-3qpw

Advisory Details

CVSS Scoring

CVSS Score

9.0

CVSS Vector


                                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-16510

WEB https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d

WEB https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

WEB https://codex.wordpress.org/Version_4.8.3

WEB https://lists.debian.org/debian-lts-announce/2017/11/msg00003.html

WEB https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release

WEB https://wpvulndb.com/vulnerabilities/8941

WEB https://www.debian.org/security/2018/dsa-4090

WEB http://www.securityfocus.com/bid/101638

Advisory provided by GitHub Security Advisory Database. Published: May 14, 2022, Modified: April 20, 2025

References

https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d

https://www.debian.org/security/2018/dsa-4090

https://lists.debian.org/debian-lts-announce/2017/11/msg00003.html

http://www.securityfocus.com/bid/101638

https://wpvulndb.com/vulnerabilities/8941

https://codex.wordpress.org/Version_4.8.3

https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/

Published: 2017-11-02T16:00:00

Last Modified: 2024-08-05T20:27:03.287Z

Copied to clipboard!

CVE-2017-16510

Expert Analysis

Description

Available Exploits

Related News

WordPress Vulnerability

Software Type

Patch Status

Published

Software Details

Software Name

Software Slug

Affected Versions

Patched Versions

Remediation

References

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!