Description
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5335)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17858)
WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5)
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297)