CVE-2017-14719

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

Published: Sep 23, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-14719
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
WordPress / wordpress	3.0.5	3.0.5.x
WordPress / wordpress	4.0.1	4.0.1.x
WordPress / wordpress	3.6.1	3.6.1.x
WordPress / wordpress	4.1.1	4.1.1.x
WordPress / wordpress	3.7	3.7.x
WordPress / wordpress	3.9.3	3.9.3.x
WordPress / wordpress	3.0.2	3.0.2.x
WordPress / wordpress	3.2.1	3.2.1.x
WordPress / wordpress	3.1.4	3.1.4.x
WordPress / wordpress	3.0	3.0.x
WordPress / wordpress	3.8.3	3.8.3.x
WordPress / wordpress	3.2	3.2.x
WordPress / wordpress	3.3.3	3.3.3.x
WordPress / wordpress	3.0.1	3.0.1.x
WordPress / wordpress	3.9.2	3.9.2.x
WordPress / wordpress	3.7.1	3.7.1.x
WordPress / wordpress	4.5.3	4.5.3.x
WordPress / wordpress	3.1.3	3.1.3.x
WordPress / wordpress	3.7.4	3.7.4.x
WordPress / wordpress	3.8.2	3.8.2.x
WordPress / wordpress	4.7.1	4.7.1.x
WordPress / wordpress	3.0.4	3.0.4.x
WordPress / wordpress	3.1	3.1.x
WordPress / wordpress	3.6	3.6.x
WordPress / wordpress	3.3.2	3.3.2.x
WordPress / wordpress	3.1.2	3.1.2.x
WordPress / wordpress	4.0	4.0.x
WordPress / wordpress	3.0.6	3.0.6.x
WordPress / wordpress	3.3.1	3.3.1.x
WordPress / wordpress	3.8	3.8.x
WordPress / wordpress	4.4.1	4.4.1.x
WordPress / wordpress	4.7	4.7.x
WordPress / wordpress	3.1.1	3.1.1.x
WordPress / wordpress	4.1	4.1.x
WordPress / wordpress	3.8.1	3.8.1.x
WordPress / wordpress	3.9.1	3.9.1.x
WordPress / wordpress	3.3	3.3.x
WordPress / wordpress	3.8.4	3.8.4.x
WordPress / wordpress	3.5.1	3.5.1.x
WordPress / wordpress	3.4.2	3.4.2.x
WordPress / wordpress	3.4.1	3.4.1.x
WordPress / wordpress	3.0.3	3.0.3.x
WordPress / wordpress	4.7.2	4.7.2.x
WordPress / wordpress	3.9	3.9.x
WordPress / wordpress	4.7.3	4.7.3.x
WordPress / wordpress	4.7.4	4.7.4.x
WordPress / wordpress	4.7.5	4.7.5.x
WordPress / wordpress	4.8	4.8.x
WordPress / wordpress	4.8.1	4.8.1.x
WordPress / wordpress	4.6.7	4.6.7.x
WordPress / wordpress	4.6.6	4.6.6.x
WordPress / wordpress	4.6.5	4.6.5.x
WordPress / wordpress	4.6.4	4.6.4.x
WordPress / wordpress	4.6.3	4.6.3.x
WordPress / wordpress	4.6.2	4.6.2.x
WordPress / wordpress	4.6.1	4.6.1.x
WordPress / wordpress	4.6	4.6.x
WordPress / wordpress	4.5.9	4.5.9.x
WordPress / wordpress	4.5.8	4.5.8.x
WordPress / wordpress	4.5.7	4.5.7.x
WordPress / wordpress	4.5.6	4.5.6.x
WordPress / wordpress	4.5.5	4.5.5.x
WordPress / wordpress	4.5.4	4.5.4.x
WordPress / wordpress	4.5.2	4.5.2.x
WordPress / wordpress	4.5.10	4.5.10.x
WordPress / wordpress	4.5.1	4.5.1.x
WordPress / wordpress	4.5	4.5.x
WordPress / wordpress	4.4.9	4.4.9.x
WordPress / wordpress	4.4.8	4.4.8.x
WordPress / wordpress	4.4.7	4.4.7.x
WordPress / wordpress	4.4.6	4.4.6.x
WordPress / wordpress	4.4.5	4.4.5.x
WordPress / wordpress	4.4.4	4.4.4.x
WordPress / wordpress	4.4.3	4.4.3.x
WordPress / wordpress	4.4.2	4.4.2.x
WordPress / wordpress	4.4.11	4.4.11.x
WordPress / wordpress	4.4.10	4.4.10.x
WordPress / wordpress	4.4	4.4.x
WordPress / wordpress	4.3.9	4.3.9.x
WordPress / wordpress	4.3.8	4.3.8.x
WordPress / wordpress	4.3.7	4.3.7.x
WordPress / wordpress	4.3.6	4.3.6.x
WordPress / wordpress	4.3.5	4.3.5.x
WordPress / wordpress	4.3.4	4.3.4.x
WordPress / wordpress	4.3.3	4.3.3.x
WordPress / wordpress	4.3.2	4.3.2.x
WordPress / wordpress	4.3.12	4.3.12.x
WordPress / wordpress	4.3.11	4.3.11.x
WordPress / wordpress	4.3.10	4.3.10.x
WordPress / wordpress	4.3.1	4.3.1.x
WordPress / wordpress	4.3	4.3.x
WordPress / wordpress	4.2.9	4.2.9.x
WordPress / wordpress	4.2.8	4.2.8.x
WordPress / wordpress	4.2.7	4.2.7.x
WordPress / wordpress	4.2.6	4.2.6.x
WordPress / wordpress	4.2.5	4.2.5.x
WordPress / wordpress	4.2.4	4.2.4.x
WordPress / wordpress	4.2.3	4.2.3.x
WordPress / wordpress	4.2.2	4.2.2.x
WordPress / wordpress	4.2.16	4.2.16.x
WordPress / wordpress	4.2.15	4.2.15.x
WordPress / wordpress	4.2.14	4.2.14.x
WordPress / wordpress	4.2.13	4.2.13.x
WordPress / wordpress	4.2.12	4.2.12.x
WordPress / wordpress	4.2.11	4.2.11.x
WordPress / wordpress	4.2.10	4.2.10.x
WordPress / wordpress	4.2.1	4.2.1.x
WordPress / wordpress	4.2	4.2.x
WordPress / wordpress	4.1.9	4.1.9.x
WordPress / wordpress	4.1.8	4.1.8.x
WordPress / wordpress	4.1.7	4.1.7.x
WordPress / wordpress	4.1.6	4.1.6.x
WordPress / wordpress	4.1.5	4.1.5.x
WordPress / wordpress	4.1.4	4.1.4.x
WordPress / wordpress	4.1.3	4.1.3.x
WordPress / wordpress	4.1.2	4.1.2.x
WordPress / wordpress	4.1.19	4.1.19.x
WordPress / wordpress	4.1.18	4.1.18.x
WordPress / wordpress	4.1.17	4.1.17.x
WordPress / wordpress	4.1.16	4.1.16.x
WordPress / wordpress	4.1.15	4.1.15.x
WordPress / wordpress	4.1.14	4.1.14.x
WordPress / wordpress	4.1.13	4.1.13.x
WordPress / wordpress	4.1.12	4.1.12.x
WordPress / wordpress	4.1.11	4.1.11.x
WordPress / wordpress	4.1.10	4.1.10.x
WordPress / wordpress	4.0.9	4.0.9.x
WordPress / wordpress	4.0.8	4.0.8.x
WordPress / wordpress	4.0.7	4.0.7.x
WordPress / wordpress	4.0.6	4.0.6.x
WordPress / wordpress	4.0.5	4.0.5.x
WordPress / wordpress	4.0.4	4.0.4.x
WordPress / wordpress	4.0.3	4.0.3.x
WordPress / wordpress	4.0.2	4.0.2.x
WordPress / wordpress	4.0.19	4.0.19.x
WordPress / wordpress	4.0.18	4.0.18.x
WordPress / wordpress	4.0.17	4.0.17.x
WordPress / wordpress	4.0.16	4.0.16.x
WordPress / wordpress	4.0.15	4.0.15.x
WordPress / wordpress	4.0.14	4.0.14.x
WordPress / wordpress	4.0.13	4.0.13.x
WordPress / wordpress	4.0.12	4.0.12.x
WordPress / wordpress	4.0.11	4.0.11.x
WordPress / wordpress	4.0.10	4.0.10.x
WordPress / wordpress	3.9.9	3.9.9.x
WordPress / wordpress	3.9.8	3.9.8.x
WordPress / wordpress	3.9.7	3.9.7.x
WordPress / wordpress	3.9.6	3.9.6.x
WordPress / wordpress	3.9.5	3.9.5.x
WordPress / wordpress	3.9.4	3.9.4.x
WordPress / wordpress	3.9.20	3.9.20.x
WordPress / wordpress	3.9.19	3.9.19.x
WordPress / wordpress	3.9.18	3.9.18.x
WordPress / wordpress	3.9.17	3.9.17.x
WordPress / wordpress	3.9.16	3.9.16.x
WordPress / wordpress	3.9.15	3.9.15.x
WordPress / wordpress	3.9.14	3.9.14.x
WordPress / wordpress	3.9.13	3.9.13.x
WordPress / wordpress	3.9.12	3.9.12.x
WordPress / wordpress	3.9.11	3.9.11.x
WordPress / wordpress	3.9.10	3.9.10.x
WordPress / wordpress	3.8.9	3.8.9.x
WordPress / wordpress	3.8.8	3.8.8.x
WordPress / wordpress	3.8.7	3.8.7.x
WordPress / wordpress	3.8.6	3.8.6.x
WordPress / wordpress	3.8.5	3.8.5.x
WordPress / wordpress	3.8.22	3.8.22.x
WordPress / wordpress	3.8.21	3.8.21.x
WordPress / wordpress	3.8.20	3.8.20.x
WordPress / wordpress	3.8.19	3.8.19.x
WordPress / wordpress	3.8.18	3.8.18.x
WordPress / wordpress	3.8.17	3.8.17.x
WordPress / wordpress	3.8.16	3.8.16.x
WordPress / wordpress	3.8.15	3.8.15.x
WordPress / wordpress	3.8.14	3.8.14.x
WordPress / wordpress	3.8.13	3.8.13.x
WordPress / wordpress	3.8.12	3.8.12.x
WordPress / wordpress	3.8.11	3.8.11.x
WordPress / wordpress	3.8.10	3.8.10.x
WordPress / wordpress	3.7.9	3.7.9.x
WordPress / wordpress	3.7.8	3.7.8.x
WordPress / wordpress	3.7.7	3.7.7.x
WordPress / wordpress	3.7.6	3.7.6.x
WordPress / wordpress	3.7.5	3.7.5.x
WordPress / wordpress	3.7.3	3.7.3.x
WordPress / wordpress	3.7.22	3.7.22.x
WordPress / wordpress	3.7.21	3.7.21.x
WordPress / wordpress	3.7.20	3.7.20.x
WordPress / wordpress	3.7.2	3.7.2.x
WordPress / wordpress	3.7.19	3.7.19.x
WordPress / wordpress	3.7.18	3.7.18.x
WordPress / wordpress	3.7.17	3.7.17.x
WordPress / wordpress	3.7.16	3.7.16.x
WordPress / wordpress	3.7.15	3.7.15.x
WordPress / wordpress	3.7.14	3.7.14.x
WordPress / wordpress	3.7.13	3.7.13.x
WordPress / wordpress	3.7.12	3.7.12.x
WordPress / wordpress	3.7.11	3.7.11.x
WordPress / wordpress	3.7.10	3.7.10.x
WordPress / wordpress	3.5.2	3.5.2.x
WordPress / wordpress	3.5	3.5.x
WordPress / wordpress	3.4	3.4.x

Vulnerability Database

290,206

CVE-2017-14719