Lucene search

Veracode Vulnerability DatabaseVERACODE:27736

HistoryNov 03, 2020 - 5:22 a.m.

Cross-Site Request Forgery (CSRF)

2020-11-0305:22:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

wordpress

csrf

vulnerability

theme changes

http requests

EPSS

0.009

Percentile

83.1%

JSON

wordpress is vulnerable to cross-site request forgery (CSRF). Lack of authenticity check for HTTP requests allows an attacker to submit requests on behalf of a user, such as changing of the theme’s background image.

References

blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html

lists.debian.org/debian-lts-announce/2020/11/msg00004.html

lists.fedoraproject.org/archives/list/[email protected]/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/

lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

lists.fedoraproject.org/archives/list/[email protected]/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/

wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

www.debian.org/security/2020/dsa-4784

EPSS

0.009

Percentile

83.1%

JSON

Related for VERACODE:27736