First published: Sun Mar 12 2017(Updated: )
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | <=4.7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.