PT-2017-4047 · WordPress · Wordpress

Published: 2017-01-29 · Updated: 2021-01-30 · CVE-2017-5611

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.7.2

Description: The issue is a SQL injection vulnerability in the WP_Query class, specifically in the wp-includes/class-wp-query.php file. Remote attackers can exploit it to execute arbitrary SQL commands, provided that an affected plugin or theme mishandles a crafted post type name and passes it on to WP_Query. The root cause is that the post type value reaches the SQL query without adequate protection of the query structure.

Recommendations: For versions prior to 4.7.2, update to version 4.7.2 or later to resolve the issue. As a temporary workaround, restrict the post type names that affected plugins or themes accept until the patch is applied. Additionally, ensure that all plugins and themes are updated to their latest versions to minimize the risk of exploitation.
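The plugin-side mitigation the recommendations describe, as an added example (not WordPress core's 4.7.2 patch and not code from this advisory): a request-supplied post type is validated against the registered post types before it reaches WP_Query, and a plugin that builds its own SQL binds the value through a prepared placeholder. It assumes it runs inside a plugin with the WordPress API loaded (post_type_exists, sanitize_key, $wpdb); the function names prefixed example_ are hypothetical.

```php
<?php
// Added example, not WordPress core code. Assumes it runs inside a plugin with
// the WordPress API loaded (post_type_exists, sanitize_key, $wpdb).

// Vulnerable pattern (pre-4.7.2 core plus a careless plugin): the post type comes
// straight from the request and is handed to WP_Query unchecked. Before 4.7.2
// WP_Query placed such a value into the SQL, so a crafted value reached the query.
function example_list_posts_unsafe() {
    $type = isset( $_GET['type'] ) ? $_GET['type'] : 'post';
    return new WP_Query( array( 'post_type' => $type ) );
}

// Hardened pattern: only a registered post type is accepted; anything else falls
// back to 'post'. This holds on every core version, patched or not.
function example_resolve_post_type( $raw ) {
    $type = sanitize_key( (string) $raw );          // lower-case [a-z0-9_-] only
    return post_type_exists( $type ) ? $type : 'post';
}

function example_list_posts_safe() {
    $raw  = isset( $_GET['type'] ) ? $_GET['type'] : 'post';
    $type = example_resolve_post_type( $raw );
    return new WP_Query( array( 'post_type' => $type ) );
}

// Plugins that bypass WP_Query and build their own SQL must bind the post type
// with $wpdb->prepare(); a dynamic IN (...) list gets one %s per value.
function example_count_posts_by_type( array $types ) {
    global $wpdb;
    $types        = array_map( 'example_resolve_post_type', $types );
    $placeholders = implode( ', ', array_fill( 0, count( $types ), '%s' ) );
    $sql          = $wpdb->prepare(
        "SELECT post_type, COUNT(*) AS n FROM {$wpdb->posts}
         WHERE post_type IN ( $placeholders ) AND post_status = 'publish'
         GROUP BY post_type",
        $types
    );
    return $wpdb->get_results( $sql );
}
```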

Tags: Fix · RCE · SQL injection


Weakness Enumeration

Related Identifiers

BDU:2021-00683
CVE-2017-5611
DLA-813-1
DSA-3779-1

Affected Products

Wordpress