CVE-2014-5205 — Cross-Site Request Forgery in Wordpress
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 65.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 18
Latest updateMay 17
Description
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4
Affected Packages3 packages
Patches
🔴Vulnerability Details
2📋Vendor Advisories
1Debian▶
CVE-2014-5205: wordpress - wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters duri...↗2014
💬Community
3Bugzilla▶
CVE-2014-5203 CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 wordpress: multiple vulnerabilities fixed upstream↗2014-08-13
Bugzilla▶
CVE-2014-5203 CVE-2014-5205 CVE-2014-5204 wordpress: multiple vulnerabilities fixed upstream [epel-all]↗2014-08-13
Bugzilla▶
CVE-2014-5203 CVE-2014-5205 CVE-2014-5204 wordpress: multiple vulnerabilities fixed upstream [fedora-all]↗2014-08-13