CVE-2012-4448

Name of the Vulnerable Software and Affected Versions WordPress version 3.4.2

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard incoming links edit action. This occurs in the wp-admin/index.php file.

Recommendations For WordPress version 3.4.2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the wp-admin/index.php file and the dashboard incoming links edit action to minimize the risk of exploitation.