WordPress Plugins Themes Submit

WordPress 4.2-4.7.2 - Press This CSRF DoS

Sign up to our free email alerts service for instant vulnerability notifications!

Affects

WordPresses

4.7.2 fixed in version 4.7.3 4.7.1 fixed in version 4.7.3 4.7 fixed in version 4.7.3 4.6.3 fixed in version 4.6.4 4.6.2 fixed in version 4.6.4 4.6.1 fixed in version 4.6.4 4.6 fixed in version 4.6.4 4.5.6 fixed in version 4.5.7 4.5.5 fixed in version 4.5.7 4.5.4 fixed in version 4.5.7 4.5.3 fixed in version 4.5.7 4.5.2 fixed in version 4.5.7 4.5.1 fixed in version 4.5.7 4.5 fixed in version 4.5.7 4.4.7 fixed in version 4.4.8 4.4.6 fixed in version 4.4.8 4.4.5 fixed in version 4.4.8 4.4.4 fixed in version 4.4.8 4.4.3 fixed in version 4.4.8 4.4.2 fixed in version 4.4.8 4.4.1 fixed in version 4.4.8 4.4 fixed in version 4.4.8 4.3.8 fixed in version 4.3.9 4.3.7 fixed in version 4.3.9 4.3.6 fixed in version 4.3.9 4.3.5 fixed in version 4.3.9 4.3.4 fixed in version 4.3.9 4.3.3 fixed in version 4.3.9 4.3.2 fixed in version 4.3.9 4.3.1 fixed in version 4.3.9 4.3 fixed in version 4.3.9 4.2.9 fixed in version 4.2.13 4.2.8 fixed in version 4.2.13 4.2.7 fixed in version 4.2.13 4.2.6 fixed in version 4.2.13 4.2.5 fixed in version 4.2.13 4.2.4 fixed in version 4.2.13 4.2.3 fixed in version 4.2.13 4.2.2 fixed in version 4.2.13 4.2.12 fixed in version 4.2.13 4.2.11 fixed in version 4.2.13 4.2.10 fixed in version 4.2.13 4.2.1 fixed in version 4.2.13 4.2 fixed in version 4.2.13

References

CVE	2017-6819
URL	https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
URL	https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
URL	https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
URL	http://seclists.org/oss-sec/2017/q1/562

Classification

Type	CSRF
OWASP Top 10	A8: Cross-Site Request Forgery (CSRF)
CWE	CWE-352

Miscellaneous

Submitter	ethicalhack3r
Submitter Website	https://dewhurstsecurity.com/
Submitter Twitter	ethicalhack3r
Views	2235
Verified	No
WPVDB ID	8770

Timeline

Publicly Published	2017-03-06 (6 months ago)
Added	2017-03-07 (5 months ago)
Last Updated	2017-03-15 (5 months ago)

Copyright & License

Copyright	All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License	Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.