CVE-2017-5492
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.
We have discovered 531,221 live websites that are affected by CVE-2017-5492.
Affected Software
| Product |  WordPress |
| Category | Content Management System |
| Vulnerable Domains | 531,221 live websites (5.76% of WordPress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 591 versions ( 63.48% of all versions) |
Details
- Published - Jan 15, 2017
- Updated - Aug 5, 2024
CVE References
CVE-2017-5492 usage by Country
 United States | 95,611 websites |
 Italy | 74,227 websites |
 Germany | 37,398 websites |
 Japan | 30,741 websites |
 Australia | 29,203 websites |
 GB | 25,973 websites |
 France | 23,904 websites |
 Russia | 22,177 websites |
 Poland | 19,695 websites |
 Netherlands | 18,290 websites |
CVE-2017-5492 usage by TLD
| .com | 185,473 websites |
| .it | 49,355 websites |
| .com.au | 20,861 websites |
| .ru | 19,488 websites |
| .org | 17,905 websites |
| .de | 17,540 websites |
| .net | 16,524 websites |
| .co.uk | 15,838 websites |
| .pl | 14,272 websites |
| .nl | 12,268 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2017-5492
Top websites that are affected by CVE-2017-5492. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | *,*** | |
| ****.***********.de | Germany | *,*** | |
| *************.com | United States | *,*** | |
| ************.org | United States | *,*** | |
| ********.eu |  Austria | *,*** | |
| ********************.ru | Russia | *,*** | |
| *******.**.ca |  Canada | *,*** | |
| **********.com | United States | **,*** | |
| ***************.org | United States | **,*** | |
| **************.********.com | United States | **,*** |
FAQ
A total of 531,221 websites have been identified as vulnerable to CVE-2017-5492, discovered through global website indexing conducted by WebTechSurvey.
WordPress is susceptible to CVE-2017-5492 vulnerability.
WordPress versions before 4.7.1 are vulnerable to CVE-2017-5492.
Version 4.7.1 of WordPress addresses the CVE-2017-5492 security vulnerability.
References
- https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
- http://www.debian.org/security/2017/dsa-3779
- https://wpvulndb.com/vulnerabilities/8720
- http://www.securityfocus.com/bid/95407
- https://codex.wordpress.org/Version_4.7.1
- http://www.openwall.com/lists/oss-security/2017/01/14/6
- http://www.securitytracker.com/id/1037591
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/