CVE-2012-5868Sensitive Information Exposure in Wordpress

CWE-200Sensitive Information Exposure7 documents5 sources
Severity
2.6LOWNVD
EPSS
0.6%
top 29.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedDec 27
Latest updateMay 17

Description

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-vpmj-9973-3qg4: WordPress 32022-05-17
OSV
CVE-2012-5868: WordPress 32012-12-27

📋Vendor Advisories

1
Debian
CVE-2012-5868: wordpress - WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an admin...2012

💬Community

3
Bugzilla
CVE-2012-5868 wordpress: session cookie not invalidated on explicit logout [fedora-all]2012-12-20
Bugzilla
CVE-2012-5868 wordpress: session cookie not invalidated on explicit logout [epel-all]2012-12-20
Bugzilla
CVE-2012-5868 wordpress: session cookie not invalidated on explicit logout2012-12-20
CVE-2012-5868 — Sensitive Information Exposure | cvebase