CVE-2014-5205 in WordPress信息

摘要

由 VulDB • 2026-06-02

WordPress 3.9.2 之前的版本中,wp-includes/pluggable.php 在 CSRF 令牌中拼接 action 值和 uid 值时未使用分隔符,这使得远程攻击者能够通过暴力破解攻击更容易地绕过 CSRF 保护机制。

If you want to get best quality of vulnerability data, you may have to visit VulDB.

来源

Want to know what is going to be exploited?

We predict KEV entries!