2 matches found
CVE-2017-9673
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account via the index.php/user/new URI or change its settings via the index.php/user/1 URI, including its password...
PT-2012-3667 · WordPress · WordPress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier
Description: The issue is related to the wp_create_nonce function, which associates a nonce with a user account instead of a user session. This might make it easier for remote attackers to conduct cross-si...