Description
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
Remediation
References
Related Vulnerabilities
WordPress Plugin stm-megamenu Local File Inclusion (2.3.12)
WordPress Plugin Nofollow for external link Multiple Unspecified Vulnerabilities (1.1.2)
Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.7)
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)
WordPress Plugin Custom Field Template PHP Object Injection (2.5.7)