Описание
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
Ссылки
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- PatchRelease NotesVendor Advisory
- PatchThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- PatchRelease NotesVendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2