CVE-2015-5731
EPSS 14.8%
Description
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
How to fix CVE-2015-5731
To remediate CVE-2015-5731, upgrade the affected package to the fixed version listed below.
- Debian/wordpress: upgrade to 4.2.4+dfsg-1 or later
Is CVE-2015-5731 being exploited?
Moderate: EPSS is 14.8%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/wordpress: from 0, < 4.2.4+dfsg-1