Description
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0654 Vulnerability (CVE-2016-0654)
WordPress Plugin WooCommerce Extra Product Options Multiple Vulnerabilities (4.5.3)
WordPress Plugin The Plus Addons for Elementor Open Redirect (4.1.9)
WordPress Plugin Broken Link Manager SQL Injection (0.6.5)
Internet Information Services Other Vulnerability (CVE-2000-0025)