WordPress <=3.9.1 - Multiple Vulnerabilities #1
wp-includes/pluggable.php does not use delimiters when concatenating action values and uid values in CSRF tokens, which allows attackers to bypass the CSRF protection mechanism via a brute-force attack. Related records:...
Mandriva Linux Security Advisory : wordpress (MDVSA-2014:103)
Multiple vulnerabilities have been discovered and corrected in wordpress: WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...
Authentication flaw
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie...
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie...
CVE-2012-1936
CVE-2012-1936 affects WordPress 3.3.1 and earlier. The wp_create_nonce function associates a nonce with a user account rather than the session, which can facilitate cross-site request forgery (CSRF) against actions like wp-admin/admin-ajax.php and wp-admin/user-new.php. Multiple CSRF vectors were...
wp-saltcrack.txt
WORDPRESS 2.5 - SALT CRACKING VULNERABILITY. http://xiam.menteslibres.org/pages/advisories/wordpress-2-5-salt-cracking-vulnerability. By J. Carlos Nieto, http://xiam.menteslibres.org. Severity: Medium. It affects only a determinate part of the...
CVE-2007-3639
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2)...
wppass-redirect.txt
The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in WordPress 2.2, however it is likely...
Redirection Vulnerability in wp-pass.php, WordPress 2.2.1
The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in WordPress 2.2, however it is likely...