CVE-2012-4448
WordPress 3.4.2 - Cross-Site Request Forgery via Dashboard Incoming Links Edit Action
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=436198
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50715
Exploit x_refsource_misc
http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/09/25/15
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=860261
Scores
EPSS
0.0015
EPSS Percentile
35.5%
Details
CWE
CWE-352
Status
published
Products (1)
wordpress/wordpress
3.4.2
Published
Sep 28, 2012
Tracked Since
Feb 18, 2026