CVE-2017-16510

CVE Database · CVE-2017-16510

CVE-2017-16510

· N/AModified

CVSS v3.1

N/A

EPSS

7.74%

Published

Nov 2, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.

Weaknesses (CWE)

CWE-89

Affected Products (1)

wordpress · wordpressvulnerable

References (16)

http://www.securityfocus.com/bid/101638

Third Party AdvisoryVDB Entry

https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

Issue TrackingThird Party Advisory

https://codex.wordpress.org/Version_4.8.3

Issue TrackingVendor Advisory

https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d

Issue TrackingPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2017/11/msg00003.html

https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/

KEV Catalog EPSS Scores Vendors All CVEs