Lucene search
N/APATCHSTACK:35BD5EC987365670B27E50E0E79EBB2FHistoryNov 29, 2017 - 12:00 a.m.
WordPress 3.7-4.9 - newbloguser Key Bypass
2017-11-2900:00:00
N/A
patchstack.com
48
0.004 Low
EPSS
Percentile
72.8%
In wp-admin/user-new.php the newbloguser key is set to a string that can be get from the user ID, which allows an attacker to bypass intended access restrictions by entering this string.
Solution
Update WordPress to 4.9.1
Related
cve
cve
CVE-2017-17091
2017-12-02 06:29:00
veracode
veracode
Access Restriction Bypass
2017-12-04 02:22:46
osv
osv
CVE-2017-17091
2017-12-02 06:29:00
wordpress - security update
2017-12-21 00:00:00
wordpress - security update
2018-01-17 00:00:00
nvd
nvd
CVE-2017-17091
2017-12-02 06:29:00
debiancve
debiancve
CVE-2017-17091
2017-12-02 06:29:00
wpvulndb
wpvulndb
WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
2017-11-29 00:00:00
ubuntucve
ubuntucve
CVE-2017-17091
2017-12-02 00:00:00
prion
prion
Design/Logic Flaw
2017-12-02 06:29:00
cvelist
cvelist
CVE-2017-17091
2017-12-02 06:00:00
debian
debian
[SECURITY] [DLA 1216-1] wordpress security update
2017-12-21 20:10:37
[SECURITY] [DSA 4090-1] wordpress security update
2018-01-17 13:40:59
[SECURITY] [DSA 4090-1] wordpress security update
2018-01-17 13:40:59
openvas
openvas
Debian: Security Advisory (DLA-1216-1)
2023-03-08 00:00:00
WordPress < 4.9.1 Multiple Vulnerabilities - Linux
2017-12-04 00:00:00
WordPress < 4.9.1 Multiple Vulnerabilities - Windows
2017-12-04 00:00:00
nessus
nessus
Debian DLA-1216-1 : wordpress security update
2017-12-26 00:00:00
WordPress < 4.9.1 Multiple Vulnerabilities
2017-12-04 00:00:00
Debian DSA-4090-1 : wordpress - security update
2018-01-18 00:00:00