Description

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

Remediation

References

CVE-2017-6819

Related Vulnerabilities

Sqlite Improper Resource Shutdown or Release Vulnerability (CVE-2015-3415)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1167)

Envoy Proxy CVE-2025-30157 Vulnerability (CVE-2025-30157)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1198)

Severity

Medium

Classification

CVE-2017-6819 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities