WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing

Affects WordPresses

fixed in version 3.9.2

References

CVE 2014-5204
CVE 2014-5205
URL https://core.trac.wordpress.org/changeset/29384
URL https://core.trac.wordpress.org/changeset/29408

Classification

Type CSRF
OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352

Miscellaneous

Submitter admin
Views 9057
Verified No
WPVDB ID 7528

Timeline

Publicly Published 2014-09-16 (almost 5 years ago)
Added 2014-09-16 (almost 5 years ago)
Last Updated 2018-08-29 (11 months ago)