I got this information from a WordPress team member: "We've internally classified this CSRF as not critical because of the limited impact; it cannot lead to XSS or anything that amounts to much more than comment spam."
How do you think we should proceed?

More references:
https://bugs.gentoo.org/show_bug.cgi?id=436198
https://secunia.com/advisories/50715/
http://osvdb.org/85731

- Henri Salo