vulnerability

Wordpress: CVE-2017-5493: Cryptographic Issues

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 14, 2017	May 16, 2017	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 14, 2017

Added

May 16, 2017

Modified

Mar 30, 2026

Description

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

Solution

wordpress-upgrade-4_7_1

References

CVE-2017-5493
https://attackerkb.com/topics/CVE-2017-5493
CWE-338
EUVD-EUVD-2017-14597
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-14597

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report