Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-11-25 15:59
Updated : 2015-11-02 10:11
NVD link : CVE-2014-9033
Mitre link : CVE-2014-9033
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
wordpress
- wordpress