CVE-2017-5611 in WordPressinfo

Summary

by MITRE

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/16/2026

The vulnerability identified as CVE-2017-5611 represents a critical SQL injection flaw within the WordPress content management system that affects versions prior to 4.7.2. This vulnerability specifically targets the wp-includes/class-wp-query.php file which is responsible for handling query operations within the WordPress framework. The flaw occurs when WordPress processes post type names through the WP_Query class, creating an avenue for malicious actors to inject arbitrary SQL commands into the database layer. The vulnerability requires the presence of a compromised plugin or theme that improperly handles crafted post type names, making it particularly insidious as it leverages existing vulnerabilities in third-party components rather than directly targeting WordPress core functionality.

The technical exploitation of this vulnerability stems from improper input validation within the WP_Query class implementation. When WordPress encounters a post type name that has been manipulated by an attacker, the system fails to properly sanitize or escape the input before incorporating it into SQL query construction. This allows attackers to inject malicious SQL fragments that can manipulate database operations, potentially leading to unauthorized data access, modification, or deletion. The vulnerability is classified as a CWE-89 SQL Injection weakness under the Common Weakness Enumeration framework, specifically demonstrating how inadequate input sanitization can lead to database compromise. The attack vector requires remote execution capabilities and typically involves manipulating URL parameters or POST data that gets processed through the WordPress query system, often through plugin or theme code that fails to validate post type identifiers properly.

The operational impact of CVE-2017-5611 extends beyond simple data theft as it provides attackers with the capability to escalate privileges within the WordPress environment. Successful exploitation can result in complete database compromise, allowing unauthorized users to extract sensitive information including user credentials, personal data, and configuration details. The vulnerability also enables attackers to modify or delete content, potentially disrupting website operations and compromising the integrity of the published material. From an attacker's perspective, this vulnerability aligns with ATT&CK technique T1078 Valid Accounts, as compromised WordPress installations can provide access to administrative interfaces and database resources. The attack chain typically involves identifying vulnerable plugins or themes that improperly handle post type parameters, crafting malicious post type names that bypass input validation, and then executing SQL injection payloads that can manipulate the underlying database structure.

Mitigation strategies for CVE-2017-5611 primarily focus on immediate system updates and input validation improvements. The most effective remediation is upgrading WordPress to version 4.7.2 or later, which includes patches specifically designed to address the improper input handling in the WP_Query class. System administrators should also implement comprehensive plugin and theme vetting processes to identify and remove components that may improperly handle post type parameters. Input validation should be strengthened at multiple layers including application-level sanitization, database query parameterization, and regular security audits of third-party components. Network-based protections such as web application firewalls can help detect and block malicious SQL injection attempts, while database access controls should be implemented to limit the impact of successful exploitation attempts. Additionally, monitoring systems should be configured to detect unusual database query patterns that may indicate SQL injection activity, and regular backups should be maintained to ensure rapid recovery in case of successful compromise.

Reservation

01/28/2017

Disclosure

01/29/2017

Moderation

accepted

Entry

VDB-96276

CPE

ready

Exploit

Download

EPSS

0.09933

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!