CVE-2017-5493
PUBLISHED
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Risk Scores
EPSS Score: 1.67% (82.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | wordpress | 0, 4.3+dfsg-1, 4.3.1+dfsg-1 |
Exploit Intelligence
- https://wpvulndb.com/vulnerabilities/8721 (circl)
- 95401 (circl)
- DSA-3779 (circl)
- https://codex.wordpress.org/Version_4.7.1 (circl)
- [oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7 (circl)
- 1037591 (circl)
- https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 (circl)
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ (circl)
Timeline
- Jan 15, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 5, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5493 third-party-advisory
- http://www.openwall.com/lists/oss-security/2017/01/14/1 third-party-advisory
- https://wpvulndb.com/vulnerabilities/8721 third-party-advisory
- https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 third-party-advisory
- http://www.openwall.com/lists/oss-security/2017/01/14/6 third-party-advisory
- https://codex.wordpress.org/Version_4.7.1 third-party-advisory
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5493 third-party-advisory