Description
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.