6 matches found
Cross site request forgery (csrf)
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF...
CVE-2020-35773
CVE-2020-35773 concerns the WordPress Site Offline plugin prior to 1.4.4, which lacks several nonce checks (wp_create_nonce/wp_verify_nonce), enabling cross‑site request forgery (CSRF). The documented impact states that a logged‑in administrator could be coerced into changing plugin settings via ...
CVE-2012-1936
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing t...
Cross site request forgery (csrf)
DISPUTED: The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by...
CVE-2012-1936
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing t...
CVE-2012-1936
CVE-2012-1936 affects WordPress 3.3.1 and earlier. The wp_create_nonce function associates a nonce with a user account rather than the session, which can facilitate cross-site request forgery (CSRF) against actions like wp-admin/admin-ajax.php and wp-admin/user-new.php. Multiple CSRF vectors were...