Description
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
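The weakness class described above, next to a hardened form, as an added example that is not WordPress code. The md5-based derivation is an assumed stand-in for "a string that can be directly derived from the user ID" (the page does not give the exact derivation), and the function names and in-memory `$store` are hypothetical.

```php
<?php
// Added example, not WordPress code. All names here are hypothetical.

// Weak pattern (assumed derivation): the key is a pure function of the
// user ID, which is not a secret, so anyone who knows the ID knows the key.
function derived_key(int $userId): string
{
    return substr(md5((string) $userId), 0, 5);
}

// Hardened pattern: the key comes from a CSPRNG and is unrelated to the ID.
function random_key(): string
{
    return bin2hex(random_bytes(20)); // 160 bits, 40 hex characters
}

// Issue an invitation. Only the SHA-256 of the key is stored, so a leaked
// store does not reveal usable keys.
function issue_invite(array &$store, int $userId, int $now, int $ttl = 86400): string
{
    $key = random_key();
    $store[hash('sha256', $key)] = ['user_id' => $userId, 'expires' => $now + $ttl];
    return $key; // delivered only to the invited user's e-mail address
}

// Confirm an invitation: look up by hash, consume it (single use), then
// enforce expiry. Returns the user ID, or null when the key is rejected.
function confirm_invite(array &$store, string $key, int $now): ?int
{
    $id = hash('sha256', $key);
    if (!isset($store[$id])) {
        return null;
    }
    $invite = $store[$id];
    unset($store[$id]);
    return $invite['expires'] >= $now ? $invite['user_id'] : null;
}

// Constructed sample data.
$store = [];
$now   = 1700000000;
$key   = issue_invite($store, 42, $now);

var_dump(derived_key(42) === derived_key(42));           // derived key is reproducible
var_dump(confirm_invite($store, derived_key(42), $now)); // ID-derived guess
var_dump(confirm_invite($store, $key, $now));            // genuine key, first use
var_dump(confirm_invite($store, $key, $now));            // genuine key, replayed
```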
Remediation
References