CVE-2017-5612 in WordPress
Summary
by MITRE
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/16/2026
The vulnerability identified as CVE-2017-5612 represents a critical cross-site scripting flaw within the WordPress content management system that affects versions prior to 4.7.2. This vulnerability specifically resides in the wp-admin/includes/class-wp-posts-list-table.php file, which handles the display of posts within the administrative interface's posts list table. The flaw enables remote attackers to execute malicious scripts or HTML code by manipulating the excerpt field of posts, creating a persistent security risk for WordPress installations. The vulnerability stems from insufficient input validation and output sanitization mechanisms within the administrative dashboard's post listing functionality.
The technical nature of this vulnerability aligns with CWE-79, which categorizes cross-site scripting flaws as weaknesses in web applications that allow attackers to inject malicious client-side scripts. The flaw operates by failing to properly escape or sanitize user-supplied content when rendering post excerpts within the administrative interface. When administrators view the posts list table, the maliciously crafted excerpt content gets executed in their browser context, potentially leading to session hijacking, credential theft, or redirection to malicious sites. The vulnerability is particularly dangerous because it targets the administrative interface where privileged users with elevated permissions are most likely to be browsing, making it a prime target for attackers seeking to escalate privileges or gain unauthorized access to WordPress installations.
The operational impact of CVE-2017-5612 extends beyond simple script injection, as it provides attackers with potential pathways for more sophisticated attacks within the WordPress ecosystem. Administrators who view the compromised posts list table could unknowingly execute malicious scripts that persist in their browser sessions, potentially leading to complete compromise of their administrative access. This vulnerability can be exploited through various attack vectors including social engineering, where attackers craft malicious excerpts to entice administrators into viewing compromised posts, or through automated scanning tools that target known WordPress versions. The attack surface is particularly concerning given that the vulnerability affects the core administrative interface where all content management operations occur, making it a critical security concern for organizations relying on WordPress for content management.
Mitigation strategies for CVE-2017-5612 primarily focus on immediate remediation through WordPress version updates to 4.7.2 or later, which includes proper input sanitization and output escaping mechanisms. Organizations should also implement comprehensive security monitoring of administrative interfaces and conduct regular security audits of WordPress installations to identify similar vulnerabilities. Additional protective measures include implementing content security policies that restrict script execution within administrative contexts, enabling multi-factor authentication for administrative accounts, and establishing regular security training for administrators to recognize potential social engineering attempts. The vulnerability serves as a reminder of the importance of maintaining up-to-date software components and implementing proper input validation across all user-facing interfaces, aligning with ATT&CK techniques that emphasize credential access and privilege escalation through web application vulnerabilities.