How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Vulnerabilities

WordPress <= 4.7 - Cross-Site Request Forgery (CSRF) via Flash Upload

Affects WordPress

Fixed in version 4.7.1

References

CVE

URL

https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/

URL

https://ahussam.me/Leaking-WordPress-CSRF-Tokens/

URL

https://youtu.be/p0x3Q7y4U_Q

URL

https://hackerone.com/reports/149589

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

Verified

No

WPVDB ID

e84dcd32-d0da-442b-a00b-6fe69ba6b409

Timeline

Publicly Published

2017-01-11 (about 6 years ago)

Added

2017-01-12 (about 6 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin