PT-2017-17350 · WordPress · Wordpress

Xuliang

·

Publicado

2017-03-12

·

Atualizado

2019-03-19

·

CVE-2017-6819

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.7.3
Description The issue allows for cross-site request forgery (CSRF) in Press This, leading to excessive use of server resources. This can trigger an outbound HTTP request for a large file that is then parsed by Press This.
Recommendations For versions prior to 4.7.3, update to version 4.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Press This feature until the update is applied.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2017-6819

Produtos afetados

Wordpress