vulnerability

Debian: CVE-2017-5493: wordpress -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 14, 2017	Feb 2, 2017	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 14, 2017

Added

Feb 2, 2017

Modified

Aug 15, 2025

Description

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.

Solution

debian-upgrade-wordpress

References

CVE-2017-5493
https://attackerkb.com/topics/CVE-2017-5493
CWE-338
DEBIAN-DLA-813-1
DEBIAN-DSA-3779

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today