CVE-2017-14722

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14722
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14722.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14722
Downstream
Published
2017-09-23T20:29:00.390Z
Modified
2025-12-08T18:52:07.515024Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
06fa4161aa74619239cf27017d124081c825684a
Last affected
14247ee4302378d292863865c643abe99bbfe3c7
Last affected
1ea8e9a4f03f425a6a77c3487528fedd3f33c100
Last affected
2152a6a1ea3db59fcc626fe8129d6fc175e0df66
Last affected
2a8d1f281a2868d0f1326e89a5a40d6133abf589
Last affected
8f2b8627600d5d98a9d170b1af00d3a86dfc66df
Last affected
c840eb9da2ef1c7a23d3ec2d63c0d953fed56926
Last affected
dd46042e3c3b43c5ee3c17862213b0280fb5abfd

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1d924259d53f10bfd96338819101427edc28a47e
Last affected
2ac9b801ef5c18accf223b093529dacfcf809133
Last affected
4edc9409213cd7bfaf33fddfc83622e7c22d208f
Last affected
69c4f7ec640d058fcf8071781f4abb414cf7c7e1
Last affected
7139852304b08ab170ccdb1a42eb7f6b474dcdc7
Last affected
c0ad47cca62d55072d8a4d1b24d97224bc568349
Last affected
c2f0fa1f68a3e9f2ad737988649028d515c41364
Last affected
efa83f48bd4ebd066e5efc94b9feefe50e7925a2