Lucene search

K
cvelistMitreCVELIST:CVE-2014-5204
HistoryAug 18, 2014 - 10:00 a.m.

CVE-2014-5204

2014-08-1810:00:00
mitre
www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.9%

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.9%