Chris Jean

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.7.1 **Description** The issue allows remote attackers to bypass intended posting restrictions. This can be achieved by using a spoofed mail server. **Recommendations** For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.7.1 **Description** The issue concerns the Multisite WordPress API, where the `wp-includes/ms-functions.php` file does not properly generate random numbers for keys. This weakness allows remote attackers to bypass intended access restrictions by crafting specific site signup or user signup requests. **Recommendations** For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue.