Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments

Posted by dxw Security on Aug 05

Details
================
Software: WordPress
Version: 3.8.1, 3.8.2, 4.2.2
Homepage: http://wordpress.org/
Advisory report:
https://security.dxw.com/advisories/comment-form-csrf-allows-admin-impersonation-via-comments-in-wordpress-4-2-2/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description
================
Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments

Vulnerability
================…
