CVE-2012-5868

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:wordpress:wordpress:3.4.2:*:*:*:*:*:*:*

Information

Published : 2012-12-27 03:47

Updated : 2013-01-07 21:00


NVD link : CVE-2012-5868

Mitre link : CVE-2012-5868


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

wordpress

  • wordpress