wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
References
Information
Published : 2014-08-18 04:15
Updated : 2015-11-25 12:21
NVD link : CVE-2014-5204
Mitre link : CVE-2014-5204
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
debian
- debian_linux
wordpress
- wordpress