CVE-2015-5730

The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Information

Published : 2015-11-09 03:59

Updated : 2017-09-20 18:29


NVD link : CVE-2015-5730

Mitre link : CVE-2015-5730


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

wordpress

  • wordpress