QwikSec

Security Database

CVE

CWE

Training

CVE-2017-6819

Published: Mar 12, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

https://wpvulndb.com/vulnerabilities/8770

x_refsource_MISC

http://openwall.com/lists/oss-security/2017/03/06/7

x_refsource_MISC

https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/

x_refsource_MISC

https://codex.wordpress.org/Version_4.7.3

x_refsource_MISC

https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829

x_refsource_MISC

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.