vulnerability

Wordpress: CVE-2017-5493: Cryptographic Issues

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	2017-01-14	2017-05-16	2024-11-27

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

2017-01-14

Added

2017-05-16

Modified

2024-11-27

Description

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

Solution

wordpress-upgrade-4_7_1

References

CVE-2017-5493
https://attackerkb.com/topics/CVE-2017-5493

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today