Description
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
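The weakness described above, shown next to a hardened pattern. This is an added example, not WordPress code: the function names are hypothetical, and the `md5`-prefix derivation is an assumption standing in for any key computed from the user ID, since the page does not give the exact derivation.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress APIs.

// Weak pattern: the key is a pure function of the user ID, so it carries no
// secret. (Assumed derivation; the page does not state the exact one.)
function weak_invite_key(int $userId): string
{
    return substr(md5((string) $userId), 0, 5);
}

// Hardened pattern: the key comes from the CSPRNG and is unrelated to the ID.
function strong_invite_key(): string
{
    return bin2hex(random_bytes(20)); // 160 bits of entropy, 40 hex chars
}

// Keep only a hash of the key server-side, with an expiry.
function store_invite(array &$store, int $userId, string $key, int $ttl = 86400): void
{
    $store[$userId] = ['hash' => hash('sha256', $key), 'expires' => time() + $ttl];
}

// Constant-time comparison, expiry check, and single use on success.
function confirm_invite(array &$store, int $userId, string $presented): bool
{
    $rec = $store[$userId] ?? null;
    if ($rec === null || $rec['expires'] < time()) {
        unset($store[$userId]);
        return false;
    }
    if (!hash_equals($rec['hash'], hash('sha256', $presented))) {
        return false;
    }
    unset($store[$userId]);
    return true;
}

// Constructed demo data.
$store  = [];
$userId = 42;
$key    = strong_invite_key();
store_invite($store, $userId, $key);

$derived = weak_invite_key($userId); // what an ID-derived key would have been
printf("ID-derived value accepted: %s\n", var_export(confirm_invite($store, $userId, $derived), true));
printf("Issued key accepted:       %s\n", var_export(confirm_invite($store, $userId, $key), true));
printf("Issued key reused:         %s\n", var_export(confirm_invite($store, $userId, $key), true));
```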
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Security Bypass (2.7.2)
WordPress Plugin Random Banner Cross-Site Scripting (4.1.4)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1643)
Lighttpd Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4559)