In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

Published: 2017-03-12 01:59
Updated: 2019-03-19 12:54

CVSS Score: 4.3 / 10
| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Wordpress | Wordpress | 4.7.2 | cpe:/a:wordpress:wordpress:4.7.2 |


| ID | Name | Description |
| --- | --- | --- |
| CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |

History of changes

Date Event
2019-03-19 12:54
2017-07-17 14:32
2017-03-12 01:59