CVE-2017-14725

Name: CVE-2017-14725
Creator: NVD / NIST
Published: 2017-09-23T20:29:00.513+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.13%

Last modified Jun 17, 2026

CVE-2017-14725 is a vulnerability of currently unknown severity. Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.. EPSS estimates a 2.13% chance of exploitation in the next 30 days.

Description

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

Metrics

EPSS Probability

2.13%

79.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-601

Affected Software

Vendor	Product	Versions
Wordpress	Wordpress	<= 4.8.1

References

http://www.securityfocus.com/bid/100912Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039553
https://core.trac.wordpress.org/changeset/41398Patch, Vendor Advisory
https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/Issue Tracking, Release Notes, Vendor Advisory
https://wpvulndb.com/vulnerabilities/8910Issue Tracking, Patch, VDB Entry, Vendor Advisory
https://www.debian.org/security/2017/dsa-3997
http://www.securityfocus.com/bid/100912Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039553
https://core.trac.wordpress.org/changeset/41398Patch, Vendor Advisory
https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/Issue Tracking, Release Notes, Vendor Advisory
https://wpvulndb.com/vulnerabilities/8910Issue Tracking, Patch, VDB Entry, Vendor Advisory
https://www.debian.org/security/2017/dsa-3997

Timeline

Published: Sep 23, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14725?

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

How severe is CVE-2017-14725?

Severity scoring for CVE-2017-14725 is pending analysis. The EPSS model estimates a 2.13% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14725?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14725?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST