WordPress Vulnerabilities

WordPress <= 4.4.2 - Script Compression Option CSRF

Affects WordPress

3.8.1
Fixed in WordPress 4.5
3.8
Fixed in WordPress 4.5
3.7.1
Fixed in WordPress 4.5
3.6
Fixed in WordPress 4.5
3.5.2
Fixed in WordPress 4.5
3.5.1
Fixed in WordPress 4.5
3.5
Fixed in WordPress 4.5
3.4.2
Fixed in WordPress 4.5
3.4.1
Fixed in WordPress 4.5
3.4
Fixed in WordPress 4.5
3.3.3
Fixed in WordPress 4.5
3.3.2
Fixed in WordPress 4.5
3.3.1
Fixed in WordPress 4.5
3.3
Fixed in WordPress 4.5
3.2.1
Fixed in WordPress 4.5
3.2
Fixed in WordPress 4.5
3.1.4
Fixed in WordPress 4.5
3.1.3
Fixed in WordPress 4.5
3.1.2
Fixed in WordPress 4.5
3.1.1
Fixed in WordPress 4.5
3.1
Fixed in WordPress 4.5
3.0.6
Fixed in WordPress 4.5
3.0.5
Fixed in WordPress 4.5
3.0.4
Fixed in WordPress 4.5
3.0.3
Fixed in WordPress 4.5
3.0.2
Fixed in WordPress 4.5
3.0.1
Fixed in WordPress 4.5
3.0
Fixed in WordPress 4.5
3.6.1
Fixed in WordPress 4.5
3.9
Fixed in WordPress 4.5
3.9.1
Fixed in WordPress 4.5
3.7
Fixed in WordPress 4.5
3.8.2
Fixed in WordPress 4.5
3.8.3
Fixed in WordPress 4.5
3.9.2
Fixed in WordPress 4.5
4.0
Fixed in WordPress 4.5
4.1
Fixed in WordPress 4.5
4.1.1
Fixed in WordPress 4.5
4.2
Fixed in WordPress 4.5
3.9.3
Fixed in WordPress 4.5
4.1.2
Fixed in WordPress 4.5
4.2.1
Fixed in WordPress 4.5
4.0.1
Fixed in WordPress 4.5
4.1.5
Fixed in WordPress 4.5
4.1.4
Fixed in WordPress 4.5
4.1.3
Fixed in WordPress 4.5
3.8.4
Fixed in WordPress 4.5
3.7.4
Fixed in WordPress 4.5
4.2.3
Fixed in WordPress 4.5
3.8.8
Fixed in WordPress 4.5
3.8.5
Fixed in WordPress 4.5
3.8.6
Fixed in WordPress 4.5
3.8.7
Fixed in WordPress 4.5
3.7.3
Fixed in WordPress 4.5
3.7.5
Fixed in WordPress 4.5
3.7.6
Fixed in WordPress 4.5
3.7.7
Fixed in WordPress 4.5
3.7.8
Fixed in WordPress 4.5
3.7.9
Fixed in WordPress 4.5
3.8.9
Fixed in WordPress 4.5
3.9.4
Fixed in WordPress 4.5
3.9.5
Fixed in WordPress 4.5
3.9.6
Fixed in WordPress 4.5
3.9.7
Fixed in WordPress 4.5
4.0.2
Fixed in WordPress 4.5
4.0.3
Fixed in WordPress 4.5
4.0.4
Fixed in WordPress 4.5
4.0.5
Fixed in WordPress 4.5
4.0.6
Fixed in WordPress 4.5
4.1.6
Fixed in WordPress 4.5
4.2.2
Fixed in WordPress 4.5
4.2.4
Fixed in WordPress 4.5
4.1.7
Fixed in WordPress 4.5
4.0.7
Fixed in WordPress 4.5
3.9.8
Fixed in WordPress 4.5
3.8.10
Fixed in WordPress 4.5
3.7.10
Fixed in WordPress 4.5
4.3
Fixed in WordPress 4.5
4.3.1
Fixed in WordPress 4.5
4.2.5
Fixed in WordPress 4.5
4.1.8
Fixed in WordPress 4.5
4.0.8
Fixed in WordPress 4.5
3.9.9
Fixed in WordPress 4.5
3.8.11
Fixed in WordPress 4.5
3.7.11
Fixed in WordPress 4.5
4.4
Fixed in WordPress 4.5
3.7.12
Fixed in WordPress 4.5
3.8.12
Fixed in WordPress 4.5
3.9.10
Fixed in WordPress 4.5
4.0.9
Fixed in WordPress 4.5
4.1.9
Fixed in WordPress 4.5
4.2.6
Fixed in WordPress 4.5
4.3.2
Fixed in WordPress 4.5
4.4.1
Fixed in WordPress 4.5
4.4.2
Fixed in WordPress 4.5
4.3.3
Fixed in WordPress 4.5
4.2.7
Fixed in WordPress 4.5
4.1.10
Fixed in WordPress 4.5
4.0.10
Fixed in WordPress 4.5
3.9.11
Fixed in WordPress 4.5
3.8.13
Fixed in WordPress 4.5
3.7.13
Fixed in WordPress 4.5

References

CVE
CVE-2016-6635
URL
https://codex.wordpress.org/Version_4.5

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
c0775703-ed52-4b6b-b395-7bf440ee0d77

Timeline

Publicly Published
2016-04-12 (about 9 years ago)
Added
2016-04-28 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-24
Title
Plugin Central <= 2.5.1 - Cross-Site Request Forgery to Arbitrary File Deletion
Published
2019-05-26
Title
Affiliates Manager < 2.6.6 - CRSF Issues
Published
2025-07-14
Title
Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
Published
2023-06-13
Title
All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery
Published
2025-01-03
Title
WP Simple Sitemap <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting