CVE-2017-14725

MEDIUM NUCLEI

WordPress < 4.8.2 - Authenticated Open Redirect

Title source: nuclei

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

WordPress < 4.8.2 - Authenticated Open Redirect

MEDIUMVERIFIEDby 0x_Akoko

Shodan: http.component:"wordpress" || cpe:"cpe:2.3:a:wordpress:wordpress"

FOFA: body="oembed" && body="wp-"

CVSS v3 5.4

EPSS 0.0418

EPSS Percentile 88.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-601

Status published

Products (1)

wordpress/wordpress < 4.8.1

Published Sep 23, 2017

Tracked Since Feb 18, 2026