CVE-2015-5731

Published: 09 November 2015

Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.

Priority

Status

Package	Release	Status
wordpress Launchpad, Ubuntu, Debian	Upstream	Released (4.2.4+dfsg-1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.2.4+dfsg-1)
	Ubuntu 16.04 LTS (Xenial Xerus)	Not vulnerable (4.2.4+dfsg-1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was needed)
	Patches: Upstream: https://core.trac.wordpress.org/changeset/33542 Upstream: https://core.trac.wordpress.org/changeset/33543 (4.2)

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM