Cross-Site Request Forgery Vulnerability in WordPress by Automattic
CVE-2014-5204

Currently unrated

Key Information:

Vendor

Wordpress
Status
Debian Linux
Vendor
CVE Published:
18 August 2014

What is CVE-2014-5204?

A vulnerability has been identified in the WordPress platform where the CSRF protection mechanism does not consistently reject invalid CSRF nonces. Specifically, the rejection timing differs based on which characters in the nonce are incorrect, enabling attackers to optimize brute-force attacks, potentially allowing unauthorized actions on behalf of legitimate users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2014/dsa-3001
vendor-advisoryx_refsource_DEBIAN
https://wordpress.org/news/2014/08/wordpress-3-9-2/
x_refsource_CONFIRM
https://core.trac.wordpress.org/changeset/29384
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.