The wp_create_nonce function in WordPress 3.3.1 and earlier allows for CSRF attacks by associating a nonce with a user account instead of a user session
Reporter | Title | Published | Views | Family All 11 |
---|---|---|---|---|
seebug.org | Wordpress 3.3.1 - Multiple CSRF Vulnerabilities | 1 Jul 201400:00 | โ | seebug |
seebug.org | WordPress Anti-CSRFไปค็ๅฎๅ จ็ป่ฟๆผๆด | 2 May 201200:00 | โ | seebug |
Prion | Cross site request forgery (csrf) | 3 May 201220:55 | โ | prion |
0day.today | Wordpress 3.3.1 Multiple CSRF Vulnerabilities | 19 Mar 201200:00 | โ | zdt |
Packet Storm | WordPress 3.3.1 Cross Site Request Forgery | 26 Apr 201200:00 | โ | packetstorm |
NVD | CVE-2012-1936 | 3 May 201220:55 | โ | nvd |
Exploit DB | WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities | 27 Apr 201200:00 | โ | exploitdb |
CVE | CVE-2012-1936 | 3 May 201220:55 | โ | cve |
Patchstack | WordPress 3.3.1 - Multiple CSRF Vulnerabilities | 27 Apr 201200:00 | โ | patchstack |
exploitpack | WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities | 27 Apr 201200:00 | โ | exploitpack |
Source | Link |
---|---|
exploit-db | www.exploit-db.com/exploits/18791 |
webapp-security | www.webapp-security.com/wp-content/uploads/2012/04/Wordpress-3.3.1-Multiple-CSRF-Vulnerabilities6.txt |
webapp-security | www.webapp-security.com/2012/04/wordpress-3-3-1-multiple-csrf-vulnerabilities |
securityfocus | www.securityfocus.com/bid/53280 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo