WordPress 4.2-4.7.2 - Press This CSRF DoS

Affects WordPresses

fixed in version 4.7.3

fixed in version 4.7.3

fixed in version 4.7.3

fixed in version 4.6.4

fixed in version 4.6.4

fixed in version 4.6.4

fixed in version 4.6.4

fixed in version 4.5.7

fixed in version 4.5.7

fixed in version 4.5.7

fixed in version 4.5.7

fixed in version 4.5.7

fixed in version 4.5.7

fixed in version 4.5.7

fixed in version 4.4.8

fixed in version 4.4.8

fixed in version 4.4.8

fixed in version 4.4.8

fixed in version 4.4.8

fixed in version 4.4.8

fixed in version 4.4.8

fixed in version 4.4.8

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.3.9

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

fixed in version 4.2.13

References

CVE	2017-6819
URL	https://hackerone.com/reports/153093
URL	https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
URL	https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
URL	https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
URL	http://seclists.org/oss-sec/2017/q1/562

Classification

Type	CSRF
CWE	CWE-352

Miscellaneous

Submitter	ethicalhack3r
Submitter Website	https://dewhurstsecurity.com/
Submitter Twitter	ethicalhack3r
Views	5417
Verified	No
WPVDB ID	8770

Timeline

Publicly Published	2017-03-06 (over 2 years ago)
Added	2017-03-07 (over 2 years ago)
Last Updated	2018-08-29 (12 months ago)

Our Other Services

Online WordPress Vulnerability Scanner

WPScan WordPress Security Plugin