CVE-2017-5493

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5493

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5493.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5493

Downstream

DEBIAN-CVE-2017-5493

DLA-813-1

DSA-3779-1

UBUNTU-CVE-2017-5493

Published

2017-01-15T02:59:03Z

Modified

2025-11-03T18:33:55Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected