WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. Reference: https://wpvulndb.com/vulnerabilities/9913 Upstream commit: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
Created wordpress tracking bugs for this issue: Affects: epel-6 [bug 1776888] Affects: epel-7 [bug 1776889] Affects: fedora-all [bug 1776887]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.