CVE-2017-17091

Published: 2017-12-02T06:29Z

Last Modified: 2024-11-21T03:17Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt