Published: 15/01/2017 Updated: 04/11/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in WordPress prior to 4.7.1 allows remote malicious users to hijack the authentication of unspecified victims via vectors involving a Flash file upload.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Vendor Advisories

A cross-site request forgery (CSRF) bypass has been discovered in wordpress via uploading a Flash file ...
Debian Bug report logs - #852767 wordpress: 472 security release (CVE-2017-5610 CVE-2017-5611 CVE-2017-5612) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 27 Jan 2017 06:18:01 UTC Severity: grave Tags: fixed- ...
Arch Linux Security Advisory ASA-201701-22 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 Package : wordpress Type : multiple issues Remote : Yes Link : ...