CVE-2017-6819

Description

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

Affected packages (1)

• Debian/wordpressfrom 0, < 4.7.3+dfsg-1

CVSS scores

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-6819