WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WP < 6.0.3 - CSRF in wp-trackback.php

Description

There is no CSRF check in the wp-trackback.php which could allow attackers to make user perform unwanted actions via a CSRF attack

Affects WordPress

6.0.2
Fixed in version 6.0.3
6.0.1
Fixed in version 6.0.3
6.0
Fixed in version 6.0.3
5.9.4
Fixed in version 5.9.5
5.9.3
Fixed in version 5.9.5
5.9.2
Fixed in version 5.9.5
5.9.1
Fixed in version 5.9.5
5.9
Fixed in version 5.9.5
5.8.5
Fixed in version 5.8.6
5.8.4
Fixed in version 5.8.6

References

URL
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
URL
https://github.com/WordPress/wordpress-develop/commit/a4f9ca17fae0b7d97ff807a3c234cf219810fae0

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Simon Scannell

Verified

Yes

WPVDB ID
b60a6557-ae78-465c-95bc-a78cf74a6dd0

Timeline

Publicly Published

2022-10-17 (about 3 months ago)

Added

2022-10-19 (about 3 months ago)

Last Updated

2022-10-19 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin