CVE-2016-6635

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.5

Description A cross-site request forgery (CSRF) issue exists in the wp ajax wp compression test function, located in wp-admin/includes/ajax-actions.php, allowing remote attackers to hijack administrator authentication for requests that modify the script compression option.

Recommendations For versions prior to 4.5, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/includes/ajax-actions.php file to minimize the risk of exploitation.