CVE-2017-14721

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.

Date published : 2017-09-23

http://www.securityfocus.com/bid/100912

https://www.debian.org/security/2017/dsa-3997