vulnerability

Debian: CVE-2017-5493: wordpress -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 14, 2017	Feb 2, 2017	Nov 27, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 14, 2017

Added

Feb 2, 2017

Modified

Nov 27, 2024

Description

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

Solution

debian-upgrade-wordpress

References

CVE-2017-5493
https://attackerkb.com/topics/CVE-2017-5493
DEBIAN-DLA-813-1
DEBIAN-DSA-3779

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today