Description

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

Remediation

References

CVE-2017-9064

Related Vulnerabilities

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.31)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26034)

WordPress Plugin Contact Form DB Cross-Site Scripting (2.8.19)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1154)

OpenSSL Resource Management Errors Vulnerability (CVE-2011-3210)

Severity

High

Classification

CVE-2017-9064 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities