ThreatPress

WordPress Vulnerabilities Database

WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping

Product
WordPress
Description
Enclosure attributes in RSS and Atom feeds are not correctly escaped in the wp-includes/feed.php file, which might allow an attacker to carry out XSS via a crafted URL.
Solution
Update WordPress to v4.9.1.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
WordPress Changelog
CVE
Name: CVE-2017-17094
Versions
Affected In: <= 4.9
Fixed In: 4.9.1
Disclosure date
2017-11-29