Description

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

CVE-2011-3127

Related Vulnerabilities

MySQL CVE-2014-4207 Vulnerability (CVE-2014-4207)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0093)

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8140)

WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.9.60)

OpenSSL Missing Encryption of Sensitive Data Vulnerability (CVE-2019-1563)

Severity

Medium

Classification

CVE-2011-3127 CWE-20

Tags

Missing Update Known Vulnerabilities