CVE-2017-5493

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

Published : 2017-01-15 02:59 Updated : 2019-10-03 00:03

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Wordpress Wordpress 4.7 cpe:/a:wordpress:wordpress:4.7
  1. Wordpress (1) Search CVE
    1. Wordpress (1) Search CVE
      1. 4.7

CWE

ID Name Description Links
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong. CVE

History of changes

Date Event
2019-10-03 00:03
2017-11-04 01:29
2017-07-31 12:12
2017-07-17 14:32
2017-01-15 02:59

New CVE