ThreatPress

WordPress Vulnerabilities Database

WordPress <= 4.2.3 - CSRF

Product
WordPress
Description
This vulnerability is in wp-admin/post.php. It allows an attacker to hijack the authentication of administrators for requests that lock a post, and consequently to cause a denial of service, via a get-post-lock action.
Solution
Update WordPress to version 4.2.4, which fixes this issue.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE
Name: CVE-2015-5731
Versions
Affected In: <= 4.2.3
Fixed In: 4.2.4
Disclosure date
2015-08-04