Description
WordPress before 4.7.3 has a cross-site request forgery (CSRF) vulnerability in Press This (wp-admin/includes/class-wp-press-this.php) that leads to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file, which Press This then parses.
Remediation
References