Description

Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.

Remediation

References

CVE-2015-5731

Related Vulnerabilities

osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-2019)

WordPress Plugin User Role by BestWebSoft Cross-Site Scripting (1.5.1)

Apache Tomcat Other Vulnerability (CVE-2003-0042)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10379)

WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)

Severity

Medium

Classification

CVE-2015-5731 CWE-352

Tags

Missing Update Known Vulnerabilities