Lucene search

K
prionPRIOn knowledge basePRION:CVE-2014-5205
HistoryAug 18, 2014 - 11:15 a.m.

Cross site request forgery (csrf)

2014-08-1811:15:00
PRIOn knowledge base
www.prio-n.com
9

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%

wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

CPENameOperatorVersion
wordpressle3.9.1
wordpresseq3.9.0

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%