Published: 22/07/2012 Updated: 09/08/2012

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress prior to 3.4.1 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
wordpress wordpress 3.3.3
wordpress wordpress 3.3.2
wordpress wordpress 3.3
wordpress wordpress 3.0.1
wordpress wordpress 3.0
wordpress wordpress 2.9.2
wordpress wordpress 3.1.3
wordpress wordpress 3.1.1
wordpress wordpress 3.1.2
wordpress wordpress 3.0.6
wordpress wordpress 2.1.3
wordpress wordpress 2.2.3
wordpress wordpress 2.3
wordpress wordpress 2.0.8
wordpress wordpress 2.2.2
wordpress wordpress 2.3.2
wordpress wordpress 2.0.1
wordpress wordpress 2.0.10
wordpress wordpress 2.0.2
wordpress wordpress 2.8.5
wordpress wordpress 2.8.5.1
wordpress wordpress 2.8.1
wordpress wordpress 2.8.5.2
wordpress wordpress 1.0.1
wordpress wordpress 1.2.5
wordpress wordpress 1.2.3
wordpress wordpress 3.2
wordpress wordpress 3.1
wordpress wordpress 3.0.5
wordpress wordpress 3.0.3
wordpress wordpress 2.9.1.1
wordpress wordpress 2.5.1
wordpress wordpress 2.0.9
wordpress wordpress 2.2.1
wordpress wordpress 2.6.1
wordpress wordpress 2.3.1
wordpress wordpress 2.0.4
wordpress wordpress 2.0.6
wordpress wordpress 2.5
wordpress wordpress 2.7.1
wordpress wordpress 2.8.4
wordpress wordpress 1.5.1.1
wordpress wordpress 1.2.2
wordpress wordpress 1.2
wordpress wordpress 1.1.1
wordpress wordpress 1.3
wordpress wordpress 2.9
wordpress wordpress 2.3.3
wordpress wordpress 2.8.6
wordpress wordpress 2.6.3
wordpress wordpress 2.1
wordpress wordpress 2.1.1
wordpress wordpress 2.1.2
wordpress wordpress 2.7
wordpress wordpress 1.5.1.3
wordpress wordpress 1.5.2
wordpress wordpress 1.5
wordpress wordpress 1.5.1
wordpress wordpress 1.2.1
wordpress wordpress 1.3.2
wordpress wordpress 0.71
wordpress wordpress 3.2.1
wordpress wordpress 3.1.4
wordpress wordpress 3.0.4
wordpress wordpress 3.0.2
wordpress wordpress 2.9.1
wordpress wordpress 2.0.11
wordpress wordpress 2.6.2
wordpress wordpress 2.8
wordpress wordpress 2.2
wordpress wordpress 2.6
wordpress wordpress 2.0
wordpress wordpress 2.0.5
wordpress wordpress 2.0.7
wordpress wordpress 2.6.5
wordpress wordpress 2.8.3
wordpress wordpress 2.8.2
wordpress wordpress 1.5.1.2
wordpress wordpress 1.0.2
wordpress wordpress 1.0
wordpress wordpress 1.2.4
wordpress wordpress 1.3.3

Debian Bug report logs - #713947 wordpress: Multiple security issues Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 24 Jun 2013 06:39:02 UTC Severity: grave Tags: ...

Debian Bug report logs - #680721 wordpress: Several security vulnerabilities fixed in 341 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> D ...

CWE-352 http://www.openwall.com/lists/oss-security/2012/07/08/1 http://www.openwall.com/lists/oss-security/2012/07/02/1 http://codex.wordpress.org/Version_3.4.1 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947

CVE-2012-3384

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect