Released publicly last April, the CVE-2017-8295 is an unpatched Wordpress exploit (0day) that works on every version of the famous CMS until the last 4.8.3 (4.9 is under the hood too) release.