CVE-2017-16510
CRITICALWordPress <4.8.3 - SQL Injection
Title source: llmDescription
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
Scores
CVSS v3
9.8
EPSS
0.0417
EPSS Percentile
88.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-89
Status
draft
Affected Products (1)
wordpress/wordpress
< 4.8.2
Timeline
Published
Nov 02, 2017
Tracked Since
Feb 18, 2026