ThreatPress

WordPress Vulnerabilities Database

WordPress <=3.9.1 - Multiple Vulnerabilities #1

Product
WordPress
Description
wp-includes/pluggable.php does not use delimiters when concatenating action values and uid values in CSRF tokens, which allows attackers to bypass the CSRF protection mechanism via a brute-force attack. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-3-9-1-multiple-vulnerabilities-2
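The ambiguity behind this issue, shown as an added example that is not WordPress's own code: without a delimiter, different action/uid pairs can concatenate to the same string and therefore share one token. The key, tick value, function names and sample pairs are constructed for illustration.

```php
<?php
// Added illustration, not WordPress source. DEMO_KEY, the tick value and the
// sample action/uid pairs are constructed; the function names are hypothetical.
const DEMO_KEY = 'constructed-demo-key';

// Weak form: the fields are joined with nothing between them, so the MAC
// input does not record where the action ends and the uid begins.
function token_undelimited(string $tick, string $action, string $uid): string
{
    return hash_hmac('sha256', $tick . $action . $uid, DEMO_KEY);
}

// Hardened form: join the fields with a separator and reject any field that
// already contains it, so every (tick, action, uid) triple maps to a unique
// MAC input.
function token_delimited(string $tick, string $action, string $uid): string
{
    foreach ([$tick, $action, $uid] as $field) {
        if (strpos($field, '|') !== false) {
            throw new InvalidArgumentException('field contains the delimiter');
        }
    }
    return hash_hmac('sha256', implode('|', [$tick, $action, $uid]), DEMO_KEY);
}

// Two different requests whose undelimited concatenations are identical:
// "delete-post_1" . "23" and "delete-post_12" . "3" are the same string.
$tick = '1234';
$first = ['action' => 'delete-post_1', 'uid' => '23'];
$second = ['action' => 'delete-post_12', 'uid' => '3'];

$weakCollides = hash_equals(
    token_undelimited($tick, $first['action'], $first['uid']),
    token_undelimited($tick, $second['action'], $second['uid'])
);
$strongCollides = hash_equals(
    token_delimited($tick, $first['action'], $first['uid']),
    token_delimited($tick, $second['action'], $second['uid'])
);

printf("undelimited tokens identical: %s\n", var_export($weakCollides, true));
printf("delimited tokens identical:   %s\n", var_export($strongCollides, true));
```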
Solution
Update WordPress.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-5205
Versions
Affected In <= 3.9.1
Fixed In 3.9.2
Disclosure date
2014-08-13
Credits
David Tomaschik