ThreatPress

WordPress Vulnerabilities Database

WordPress <= 4.4.1 - CSRF

Product
WordPress
Description
WordPress before 4.5 is prone to a cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in the wp-admin/includes/ajax-actions.php file. Attackers can hijack the authentication of administrators for requests that change the script compression option.
Solution
Update WordPress to 4.5.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
WordPress.org
CVE Mitre
CVE
Name: CVE-2016-6635
Versions
Affected In: <= 4.4.1
Fixed In: 4.5
Disclosure date
2016-04-12
Credits
Ronni Skansing