WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing

Affects WordPresses

fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2
fixed in version 3.9.2

References

CVE 2014-5204
CVE 2014-5205
URL https://core.trac.wordpress.org/changeset/29384
URL https://core.trac.wordpress.org/changeset/29408

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter admin
Views 9347
Verified No
WPVDB ID 7528

Timeline

Publicly Published 2014-09-16 (about 5 years ago)
Added 2014-09-16 (about 5 years ago)
Last Updated 2018-08-29 (about 1 year ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin