wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-08-18 04:15
Updated : 2014-11-13 19:06
NVD link : CVE-2014-5205
Mitre link : CVE-2014-5205
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
wordpress
- wordpress