High severity 7.5 · OSV Advisory · Published Jan 15, 2017 · Updated Jun 17, 2026
CVE-2017-5493
Description
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Affected products
- (no CPE), range: 4.7
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*, range: <=4.7
- (no CPE), range: <4.7.1
References
- github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 (nvd: Patch)
- www.openwall.com/lists/oss-security/2017/01/14/6 (nvd: Mailing List, Third Party Advisory)
- codex.wordpress.org/Version_4.7.1 (nvd: Release Notes, Vendor Advisory)
- wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ (nvd: Vendor Advisory)
- www.debian.org/security/2017/dsa-3779 (nvd)
- www.securityfocus.com/bid/95401 (nvd)
- www.securitytracker.com/id/1037591 (nvd)
- wpvulndb.com/vulnerabilities/8721 (nvd)