CVE-2017-17091
WordPress Core < 4.9.1 - Authorization Bypass
Public Exploits: 0
Exploited in Wild: -
Descriptions
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some access restrictions.
SSVC
- Decision: -
Timeline
- 2017-11-29 CVE Published
- 2017-12-02 CVE Reserved
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-285: Improper Authorization
- CWE-330: Use of Insufficiently Random Values
References (7)
URL | Tag | Source
---|---|---
http://www.securityfocus.com/bid/102024 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html | Mailing List |
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release | Release Notes |
https://wpvulndb.com/vulnerabilities/8969 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://codex.wordpress.org/Version_4.9.1 | 2019-10-03 |
https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c | 2019-10-03 |
https://www.debian.org/security/2018/dsa-4090 | 2019-10-03 |