Description
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Add Mime Types Cross-Site Request Forgery (2.2.1)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7128)
WordPress Plugin WP-CopyProtect [Protect your blog posts] Cross-Site Scripting (3.0.0)
WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.6.2)