CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
We have discovered 531,835 live websites that are affected by CVE-2017-5611.
Affected Software
| Product |  WordPress |
| Category | Content Management System |
| Vulnerable Domains | 531,835 live websites (5.77% of WordPress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 592 versions ( 63.59% of all versions) |
Details
- Published - Jan 30, 2017
- Updated - Aug 5, 2024
CVE References
CVE-2017-5611 usage by Country
 United States | 95,809 websites |
 Italy | 74,240 websites |
 Germany | 37,461 websites |
 Japan | 30,793 websites |
 Australia | 29,207 websites |
 GB | 25,992 websites |
 France | 23,931 websites |
 Russia | 22,204 websites |
 Poland | 19,714 websites |
 Netherlands | 18,309 websites |
CVE-2017-5611 usage by TLD
| .com | 185,715 websites |
| .it | 49,367 websites |
| .com.au | 20,865 websites |
| .ru | 19,508 websites |
| .org | 17,928 websites |
| .de | 17,575 websites |
| .net | 16,545 websites |
| .co.uk | 15,856 websites |
| .pl | 14,286 websites |
| .nl | 12,285 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2017-5611
Top websites that are affected by CVE-2017-5611. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | *,*** | |
| ****.***********.de | Germany | *,*** | |
| *************.com | United States | *,*** | |
| ************.org | United States | *,*** | |
| ********.eu |  Austria | *,*** | |
| ********************.ru | Russia | *,*** | |
| *******.**.ca |  Canada | *,*** | |
| **********.com | United States | **,*** | |
| ***************.org | United States | **,*** | |
| **************.********.com | United States | **,*** |
FAQ
A total of 531,835 websites have been identified as vulnerable to CVE-2017-5611, discovered through global website indexing conducted by WebTechSurvey.
WordPress is susceptible to CVE-2017-5611 vulnerability.
WordPress versions before 4.7.2 are vulnerable to CVE-2017-5611.
Version 4.7.2 of WordPress addresses the CVE-2017-5611 security vulnerability.
References
- http://www.securityfocus.com/bid/95816
- http://www.debian.org/security/2017/dsa-3779
- http://www.openwall.com/lists/oss-security/2017/01/28/5
- http://www.securitytracker.com/id/1037731
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://codex.wordpress.org/Version_4.7.2
- https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
- https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
- https://wpvulndb.com/vulnerabilities/8730