WordPress core <= 6.2 - Cross-Site Request Forgery vulnerability

Okay. How do I fix this? This was sent to me by my site’s host re 2 of my ClassicPress sites he is hosting.

Can you share more about this error message?

Things that could help us understand the situation:

  • have you checked site logs?
  • are you using outdated/vulnerable WP themes and plugins?
  • is your CP site updated to 1.5 version?
  • are all your other sites on CP working correctly?
  • what plugins and themes are you using?

As far as I know this kind of vulnerability is not in the core itself, since it is a piece of code allowing execution of malicious code inside a site and usually this comes from a plugin or theme that isn’t following coding standards about escaping data, or has a known vulnerability or is purposely injecting the malicious code.

This also shows that your hosting provider is not recognizing that those sites are ClassicPress sites and it is prompting you to upgrade to WP 6.2 (this might be caused by a security plugin because sometimes they hide the tag that tells bots what CMS the site is using as a security measure but this hides that info for the hosting provider too).

If you can provide more context we might be able to help understand the whole situation better and fix it.

This is most likely related:

We’re working on a new version:

Patched. New version is available. See 1.5.3 release notes.

Thanks for the speedy fix. Much appreciated!

