wp-includes/pluggable.php in WordPress prior to 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 3.9.0 |
||
wordpress wordpress |