CVE-2015-5730

2015-11-09T11:59:00
ID CVE-2015-5730
Type cve
Reporter cve@mitre.org
Modified 2017-09-21T01:29:00

Description

The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.
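
The comparison weakness described above, shown beside a constant-time check. This is an added example, not WordPress source and not part of the original record. The key, the array fields and the function names are assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress code. All names here are hypothetical.
const DEMO_KEY = 'constructed-demo-key'; // constructed sample secret

// Keyed hash over the encoded widget instance.
function instance_hash(string $encoded): string {
    return hash_hmac('sha256', $encoded, DEMO_KEY);
}

// Package an instance so it can round-trip through an untrusted client.
function sign_instance(array $instance): array {
    $encoded = base64_encode(serialize($instance));
    return ['encoded' => $encoded, 'hash' => instance_hash($encoded)];
}

// Weak form: a plain string comparison is not guaranteed to run in
// constant time, so its duration can depend on how many leading bytes
// of the supplied hash match the expected one.
function verify_weak(array $signed): bool {
    return instance_hash($signed['encoded']) === $signed['hash'];
}

// Hardened form: validate types first, then compare with hash_equals(),
// whose running time does not depend on where the strings differ.
function verify_hardened(array $signed): bool {
    if (!isset($signed['encoded'], $signed['hash'])
        || !is_string($signed['encoded'])
        || !is_string($signed['hash'])) {
        return false;
    }
    // Known value first, user-supplied value second.
    return hash_equals(instance_hash($signed['encoded']), $signed['hash']);
}

// Constructed sample input.
$signed = sign_instance(['title' => 'Recent Posts', 'number' => 5]);

// Same package with the last hex digit of the hash altered.
$tampered = $signed;
$last = substr($tampered['hash'], -1);
$tampered['hash'] = substr($tampered['hash'], 0, -1) . ($last === '0' ? '1' : '0');

var_dump(verify_hardened($signed));           // valid package
var_dump(verify_hardened($tampered));         // altered hash
var_dump(verify_hardened(['encoded' => []])); // malformed input
var_dump(verify_weak($signed) === verify_hardened($signed));
```

Both functions return the same accept or reject result. Only the timing behaviour of the comparison differs, which is why a functional test alone does not catch this class of defect.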