Description
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
Remediation
References
Related Vulnerabilities
WordPress Plugin Newsletter Meenews 'idnews' Parameter Cross-Site Scripting (5.1.0)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2044)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.33)
Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)