exploitDog

GHSA-vpmj-9973-3qg4

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

Ссылки

EPSS

Процентиль: 79%

0.01316

Низкий

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2012-5868

ubuntu

почти 13 лет назад

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

CVE-2012-5868

nvd

почти 13 лет назад

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

CVE-2012-5868

debian

почти 13 лет назад

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...

EPSS

Процентиль: 79%

0.01316

Низкий

CVE ID

Дефекты

CWE-200