CVE-2017-5492

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.7.1

Description A cross-site request forgery (CSRF) issue exists in the widget-editing accessibility-mode feature, allowing remote attackers to hijack the authentication of victims for requests that perform a widgets-access action. This is related to the wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php files.

Recommendations For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the widget-editing feature in accessibility mode until the update is applied.