A malicious user with access to the admin settings of the site can perform CSRF attack to delete any topic in the site. WordPress 4.9.5 was released on June 5, adding CSRF protections, making it more difficult to perform CSRF attacks. However, if the site is running an older version of WordPress and the CSRF vulnerability is present, an attacker can exploit it to delete any topic on the site. It is recommended to update WordPress to the latest version to mitigate this threat. gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gV
References: https://en.support.wordpress.com/csrf-protection/
https://blog.gVectorTeam.com/wp-admin-csrf-protection
https://www.wilsoncenter.org/publication/wikileaks-reveals-new-vulnerabilities
http://blog.gvectorteam.com/2018/06/update-wordpress-to-400005
Timeline
Published on: 11/08/2022 19:15:00 UTC
Last modified on: 11/09/2022 13:56:00 UTC