vulnerability

Wordpress: CVE-2017-17091: Improper Access Control

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	2017-12-02	2018-01-09	2024-11-27

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

2017-12-02

Added

2018-01-09

Modified

2024-11-27

Description

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.

Solution

wordpress-upgrade-4_9_1

References

CVE-2017-17091
https://attackerkb.com/topics/CVE-2017-17091

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today