Description
WordPress Plugin WP REST API (WP API) is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to serve up arbitrary Flash SWF files from the API, allowing these Flash files to bypass browser cross-origin domain policies. WordPress Plugin WP REST API (WP API) version 1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.1 or latest
References
Related Vulnerabilities
Oracle Database Server CVE-2011-3525 Vulnerability (CVE-2011-3525)
WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.3)
Drupal Other Vulnerability (CVE-2006-2742)
WordPress Plugin WP Background Takeover Directory Traversal (4.1.4)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)