Description
WordPress before 4.7.3 has a cross-site request forgery (CSRF) vulnerability in Press This (wp-admin/includes/class-wp-press-this.php) that leads to excessive use of server resources. The forged request can trigger an outbound HTTP request for a large file, which Press This then parses.
Remediation
References