Description
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.4.2)
WordPress Plugin Gravity Forms HubSpot Cross-Site Scripting (1.0.8)
WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1)
PHP Data Processing Errors Vulnerability (CVE-2015-4147)
WordPress Plugin Gallery by BestWebSoft Cross-Site Scripting (4.4.9)