Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-6819

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

See the

CVE page on Mitre.org for more details.

References

MISC: http://openwall.com/li...
MISC: https://codex.wordpres...
MISC: https://github.com/Wor...
MISC: https://sumofpwn.nl/ad...
MISC: https://wordpress.org/...
BID: 96602
MISC: https://wpvulndb.com/v...
SECTRACK: 1037959

Launchpad.net

CVE 2017-6819

Related bugs

References