Description

Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.

Remediation

References

CVE-2015-5731

Related Vulnerabilities

WordPress Plugin Zedna Contact form Directory Traversal (1.1)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress Cross-Site Scripting (1.5.38)

Osclass Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5162)

Oracle Application Server Other Vulnerability (CVE-2004-1877)

Oracle Database Server CVE-2008-2600 Vulnerability (CVE-2008-2600)

Severity

Medium

Classification

CVE-2015-5731 CWE-352

Tags

Missing Update Known Vulnerabilities