Vulnerabilities in WordPress
Severity Rating: High
- Versions prior to WordPress 4.7.1
A cross-site request-forgery vulnerability and security-bypass vulnerability exist in WordPress.
An attacker can exploit these vulnerabilities by performing unauthorized actions in the context of a logged-in user of the affected application and also can bypass certain security restrictions to perform unauthorized actions. Moreover, this may aid in other attacks.
Users are advised to apply updates.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street