CVE-2017-20086: VaultPress Plugin code injection
First published: Thu Jun 23 2022(Updated: )
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Automattic Vaultpress | =1.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-20086?
The severity of CVE-2017-20086 is classified as high.
How does CVE-2017-20086 affect VaultPress Plugin 1.8.4?
CVE-2017-20086 affects an unknown part of VaultPress Plugin 1.8.4, leading to code injection.
Can CVE-2017-20086 be exploited remotely?
Yes, CVE-2017-20086 can be exploited remotely.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2017-20086?
The CWE ID associated with CVE-2017-20086 is CWE-94.
How can I fix CVE-2017-20086 in VaultPress Plugin 1.8.4?
To fix CVE-2017-20086 in VaultPress Plugin 1.8.4, update to a version that addresses the vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/automattic
- canonical/automattic vaultpress
- version/automattic vaultpress/1.8.4