Description
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
Remediation
References
Related Vulnerabilities
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1153)
Oracle Application Server Other Vulnerability (CVE-2007-0284)
Moodle Improper Encoding or Escaping of Output Vulnerability (CVE-2021-40694)
WordPress Plugin Simple Popup Newsletter Cross-Site Scripting (1.4.7)