What is the severity of CVE-2017-5488?

CVE-2017-5488 is classified as a high severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2017-5488?

To fix CVE-2017-5488, upgrade your WordPress installation to version 4.7.1 or later.

What are the potential impacts of CVE-2017-5488?

The potential impacts of CVE-2017-5488 include unauthorized execution of scripts or HTML, compromising user data and website integrity.

Who is affected by CVE-2017-5488?

CVE-2017-5488 affects all WordPress installations prior to version 4.7.1.

How does CVE-2017-5488 enable cross-site scripting?

CVE-2017-5488 enables cross-site scripting by allowing attackers to inject arbitrary scripts through manipulated plugin headers.

Vulnerability/
CVE-2017-5488

medium

6.1

CWE

15/1/2017

4/11/2017

CVE-2017-5488: XSS

First published: Sun Jan 15 2017(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
WordPress	<=4.7

Remedy

https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-5488?
CVE-2017-5488 is classified as a high severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2017-5488?
To fix CVE-2017-5488, upgrade your WordPress installation to version 4.7.1 or later.
What are the potential impacts of CVE-2017-5488?
The potential impacts of CVE-2017-5488 include unauthorized execution of scripts or HTML, compromising user data and website integrity.
Who is affected by CVE-2017-5488?
CVE-2017-5488 affects all WordPress installations prior to version 4.7.1.
How does CVE-2017-5488 enable cross-site scripting?
CVE-2017-5488 enables cross-site scripting by allowing attackers to inject arbitrary scripts through manipulated plugin headers.

agent/references
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/author
agent/severity
agent/remedy
agent/weakness
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/wordpress
canonical/wordpress
version/wordpress/4.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.