Launchpad.net

CVE 2019-17675

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

See the CVE page on Mitre.org for more details.