Vulnerabilities in WordPress
Severity Rating: High
System Affected:
- Versions prior to WordPress 4.7.1
Description:
A cross-site request-forgery vulnerability and security-bypass vulnerability exist in WordPress.
An attacker can exploit these vulnerabilities by performing unauthorized actions in the context of a logged-in user of the affected application and also can bypass certain security restrictions to perform unauthorized actions. Moreover, this may aid in other attacks.
Source:
Solution
Users are advised to apply updates.
Vendor Information
WordPress
CVE Information
References
Security Focus
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis