PatchSiren

CVE-2017-5612 Debian CVE debrief

CVE-2017-5612 is a cross-site scripting issue in WordPress’ admin posts list table. According to the NVD record, a crafted excerpt could inject arbitrary web script or HTML into the posts list view, and the vulnerable WordPress range extends through 4.7.1. WordPress 4.7.2 is the cited security release that addressed the issue.

Vendor: Debian
Product: CVE-2017-5612
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

WordPress administrators and site owners running versions before 4.7.2, especially environments where users can create or edit posts and administrators routinely view the wp-admin posts list table.

Technical summary

NVD classifies this as CWE-79 with CVSS 3.0 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The affected component is wp-admin/includes/class-wp-posts-list-table.php in the posts list table. The source corpus ties remediation to the WordPress 4.7.2 security release and the associated GitHub patch commit 4482f9207027de8f36630737ae085110896ea849. NVD’s vulnerable CPE criteria mark WordPress versions through 4.7.1 as affected.

Defensive priority

Medium. Patch promptly if any WordPress deployment is below 4.7.2: the flaw can alter what is rendered in the admin interface, and the CVSS vector lists no required privileges (PR:N), although it does require user interaction (UI:R).

Recommended defensive actions

  • Upgrade WordPress to 4.7.2 or later.
  • Confirm no production instances remain on WordPress 4.7.1 or earlier.
  • Review the WordPress 4.7.2 security release notes before and after deployment.
  • Use the referenced patch and advisory materials to validate that your update path includes the fix.
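
One way to run the inventory check from the list above, as an added example that is not part of the original debrief or of WordPress: the script reads wp-includes/version.php under each directory passed on the command line and flags installs below 4.7.2. The status labels and the choice to ignore pre-release suffixes are assumptions of this example.

```python
"""Flag WordPress installs older than 4.7.2, the fix release for CVE-2017-5612."""
import re
import sys
from pathlib import Path

FIXED = (4, 7, 2)  # first fixed release according to the debrief
# WordPress records its version in wp-includes/version.php: $wp_version = '4.7.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(php_source):
    """Return the version string from version.php contents, or None if absent."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None


def version_tuple(version):
    """'4.7' -> (4, 7, 0); '4.7.1-beta2' -> (4, 7, 1). Suffixes are ignored."""
    nums = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in nums.group(0).split(".")] if nums else []
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version):
    """Numeric comparison, so 4.10 sorts above 4.7.2 (a string compare would not)."""
    return version_tuple(version) < FIXED


def audit(roots):
    """Walk each root and classify every WordPress install found beneath it."""
    findings = []
    for root in roots:
        for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
            version = parse_wp_version(vfile.read_text(encoding="utf-8", errors="replace"))
            if version is None or not version[:1].isdigit():
                status = "unknown"  # no readable version: inspect by hand
            else:
                status = "affected" if is_affected(version) else "ok"
            findings.append((str(vfile.parents[1]), version, status))
    return findings


if __name__ == "__main__":
    results = audit(sys.argv[1:] or ["."])
    for path, version, status in results:
        print(f"{status:8} {version or '?':12} {path}")
    sys.exit(1 if any(s != "ok" for _, _, s in results) else 0)
```

The exit status is non-zero when any install is affected or unreadable, so the script can gate a deployment or monitoring job.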

Evidence notes

This debrief is grounded in the supplied NVD record, which gives the CVSS vector, CWE-79 classification, affected WordPress version range through 4.7.1, and the vulnerable file path. The source corpus also includes the WordPress 4.7.2 security release notes and the specific GitHub commit referenced as the patch. The source item metadata contains Debian-related CPE criteria and Debian advisories, but the primary vulnerability description and fix references are WordPress-specific; that mapping should be treated as inventory context rather than the core issue description.

Official resources

CVE-2017-5612 was published on 2017-01-30. The source record was modified on 2026-05-13, and the referenced vendor fix materials point to the WordPress 4.7.2 security release.