Description
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2018-1313 Vulnerability (CVE-2018-1313)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.0.9)
Oracle HTTP Server Other Vulnerability (CVE-2006-5350)
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Cross-Site Scripting (3.9.4)
ownCloud Improper Authentication Vulnerability (CVE-2014-2047)