CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.List of 448,247 websites affected by CVE-2017-6814
The domain names are hidden due to the sensitivity of the data. Please click on the "Contact us" button above to get more information.
| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com |  United States | *,*** | |
| ************.org | United States | *,*** | |
| ******.com |  France | *,*** | |
| ***********.eu |  Cyprus | *,*** | |
| *******.org | United States | *,*** | |
| *********.io |  Netherlands | *,*** | |
| ***********.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ********.org | United States | *,*** | |
| ********.eu |  Austria | *,*** | |
| ********************.ru |  Russia | *,*** | |
| ********************.com | Cyprus | *,*** | |
| *********.com | United States | *,*** | |
| ****************.com | United States | *,*** | |
| ****.********.edu | United States | *,*** | |
| *******.**.ca |  Canada | *,*** | |
| **********.com | United States | **,*** | |
| ***************.org | United States | **,*** | |
| ****.com | United States | **,*** | |
| *********.org | United States | **,*** |