Cross-Site Request Forgery (CSRF)

2019-10-1807:13:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

58.5%

JSON

wordpress is vulnerable to cross-site request forgery (CSRF). An improper validation of the referer in the admin pages can potentially result in a type confusion which can lead to a successful CSRF attack.

CPENameOperatorVersion
johnpbloch/wordpress-coreeq4.1.0-  4.1.31
johnpbloch/wordpress-coreeq4.8.0- 4.8.14
johnpbloch/wordpress-coreeq4.9.0- 4.9.15
johnpbloch/wordpress-coreeq5.0.0- 5.0.10
johnpbloch/wordpress-coreeq4.4.0- 4.4.23
johnpbloch/wordpress-corele5.1.6
johnpbloch/wordpress-corele3.9.32
johnpbloch/wordpress-corele4.3.24
johnpbloch/wordpress-corele3.8.34
johnpbloch/wordpress-corele4.6.19

Name	Operator	Version
johnpbloch/wordpress-core	eq	4.1.0- 4.1.31
johnpbloch/wordpress-core	eq	4.8.0- 4.8.14
johnpbloch/wordpress-core	eq	4.9.0- 4.9.15
johnpbloch/wordpress-core	eq	5.0.0- 5.0.10
johnpbloch/wordpress-core	eq	4.4.0- 4.4.23
johnpbloch/wordpress-core	le	5.1.6
johnpbloch/wordpress-core	le	3.9.32
johnpbloch/wordpress-core	le	4.3.24
johnpbloch/wordpress-core	le	3.8.34
johnpbloch/wordpress-core	le	4.6.19