CVE-2014-5205 in WordPressinformación

Resumen (Inglés)

wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

Reservar

2014-08-13

Divulgación

2014-08-18

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
67378WordPress pluggable.php falsificación de solicitudes en sitios cruzados352No probadoArreglo oficialCVE-2014-5205

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!