Author: david
Description:
Parts of the validation mechanism is restricted to bureaucrats. Several parts of the facility do not check for a valid
wpEditToken, making it vulnerable to cross-site request forgery (CSRF). Basically, by tricking a privileged user into
clicking on a link or submitting a malicious form, someone could for example change the set of topics.
Version: unspecified
Severity: critical