Description

Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.

Remediation

References

CVE-2015-5731

Related Vulnerabilities

WordPress Plugin bbPress Social Network Multiple Cross-Site Scripting Vulnerabilities (9.2)

qdPM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-11814)

WordPress Plugin Gallery-Responsive Photo and Video Gallery by Limb Cross-Site Scripting (1.3.2)

Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)

WordPress Plugin WP YouTube Live Cross-Site Scripting (1.8.2)

Severity

Medium

Classification

CVE-2015-5731 CWE-352

Tags

Missing Update Known Vulnerabilities