Vulnerabilities

CVE-2017-17091

by Fred · 02/12/2017

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.

Date published : 2017-12-02

http://www.securityfocus.com/bid/102024

https://www.debian.org/security/2018/dsa-4090

Related

Tags: Cybersecurity Alert