Description
In WordPress before 4.7.5, a Cross-Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
Remediation
References
Related Vulnerabilities
WordPress Plugin WHIZZ Cross-Site Scripting (1.0.7)
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.32)
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)
WordPress Plugin Contus HD FLV Player 'process-sortable.php' SQL Injection (1.3)
WordPress Plugin WooCommerce Stock Manager Security Bypass (1.0.7)