Описание
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.7.1+dfsg-1 |
| bionic | not-affected | 4.7.1+dfsg-1 |
| cosmic | not-affected | 4.7.1+dfsg-1 |
| devel | not-affected | 4.7.1+dfsg-1 |
| disco | not-affected | 4.7.1+dfsg-1 |
| eoan | not-affected | 4.7.1+dfsg-1 |
| esm-apps/bionic | not-affected | 4.7.1+dfsg-1 |
| esm-apps/focal | not-affected | 4.7.1+dfsg-1 |
| esm-apps/jammy | not-affected | 4.7.1+dfsg-1 |
| esm-apps/noble | not-affected | 4.7.1+dfsg-1 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ...
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3