PT-2018-5275 · WordPress · Wordpress
Published: 2018-09-06 · Updated: 2018-10-26 · CVE-2017-1000600
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WordPress versions prior to 4.9
Description
The issue is related to a CWE-20 Input Validation problem in thumbnail processing, which can lead to remote code execution. This can be exploited through thumbnail upload by an authenticated user. It may require additional plugins to be exploited, although this has not been confirmed. The issue was partially fixed in WordPress 4.9 but not completely resolved.
Recommendations
For WordPress versions prior to 4.9, update to a version that completely fixes the issue, as WordPress 4.9 only partially addresses the problem.
Fix
RCE
Affected Products
Wordpress