CVE-2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.


We have discovered 581,832 live websites that are affected by CVE-2017-17093.





Affected Software

Product                    WordPress
Category                   Content Management System
Vulnerable Domains         581,832 live websites (7.09% of WordPress install base)
Vulnerable Versions        from 0 through 4.9.1
Vulnerable Versions Count  831 versions (63% of all versions)



Details

  • Published - Dec 2, 2017
  • Updated - Aug 5, 2024

Website Distribution by Country

Number of websites affected by CVE-2017-17093

United States  102,936 websites
Italy          76,966 websites
Germany        44,543 websites
Japan          36,928 websites
Russia         30,947 websites
GB             27,660 websites
France         26,955 websites
Poland         25,432 websites
Netherlands    16,224 websites
Iran           13,526 websites

Website Distribution by TLD

Number of websites affected by CVE-2017-17093

.com    208,651 websites
.it     50,607 websites
.ru     25,787 websites
.de     21,664 websites
.org    21,020 websites
.pl     18,439 websites
.net    17,448 websites
.co.uk  15,211 websites
.nl     11,680 websites
.fr     10,559 websites

FAQ

A total of 581,832 websites have been identified as vulnerable to CVE-2017-17093, based on global website indexing conducted by WebTechSurvey.
WordPress is affected by the CVE-2017-17093 vulnerability.
WordPress versions up to and including 4.9.1 are vulnerable to CVE-2017-17093.