Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote malicious users to hijack the authentication of arbitrary users for requests that reset passwords.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 3.7.4 |
||
wordpress wordpress 3.8.4 |
||
wordpress wordpress 3.9.2 |
||
wordpress wordpress 4.0 |