Access Restriction Bypass

Wordpress is vulnerable to access restriction bypass. The newbloguser key is a string value which is derived from a userID. Attackers can bypass access restrictions by entering this string...

WordPress Access Restriction Bypass Vulnerability

WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system CMS. An access restriction bypass vulnerability exists in WordPress versions prior to 4.9.1. The...

DEBIAN-CVE-2017-17091

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string...

CVE-2017-17091

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string...

CVE-2017-17091

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string...

UBUNTU-CVE-2017-17091

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string...

WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing

...

WordPress 3.7-4.9 - newbloguser Key Bypass

In wp-admin/user-new.php the newbloguser key is set to a string that can be get from the user ID, which allows an attacker to bypass intended access restrictions by entering this string. Solution Update WordPress to 4.9.1...