CSRF flaw in WordPress potentially allowed the hack of websites

March 14, 2019

Security researcher Simon Scannell from RIPS Technologies has discovered a new CSRF vulnerability in WordPress that could potentially lead to remote code execution attacks.

The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress, which is enabled by default. The issue affects all WordPress versions prior to version 5.1.1.

An attacker can hack a website running a vulnerable version of WordPress that has comments enabled by tricking an administrator of a target site into visiting a website set up by the attacker.

Read More on Security Affairs