Lucene search
Ivano BinettiPATCHSTACK:35E8DCB07A4079158E34B693B64B0CF3HistoryApr 27, 2012 - 12:00 a.m.
WordPress 3.3.1 - Multiple CSRF Vulnerabilities
2012-04-2700:00:00
Ivano Binetti
patchstack.com
13
EPSS
0.007
Percentile
80.4%
WordPress version 3.3.1 is prone to a multiple cross site request forgery vulnerabilities. These vulnerabilities are caused by a security flaw in anti-CSRF token (_wpnonce, _wpnonce_create-user, _ajax_nonce, _wpnonce-custom-background-upload, _wpnonce-custom-header-upload) generation. Multiple CSRF allow an attacker to change Site Address, when an authenticated user/admin browses a special crafted web page, change post title, add administrators/users, delete administrators/users, change site title, change administratorโs email, change Wordpress Address, also, approve and unapprove comment, delete comment, change background image, insert custom header image.
Solution
Update WordPress.
References
Related
prion
prion
Cross site request forgery (csrf)
2012-05-03 20:55:00
zdt
zdt
Wordpress 3.3.1 Multiple CSRF Vulnerabilities
2012-03-19 00:00:00
seebug
seebug
Wordpress 3.3.1 - Multiple CSRF Vulnerabilities
2014-07-01 00:00:00
WordPress Anti-CSRFไปค็ๅฎๅ
จ็ป่ฟๆผๆด
2012-05-02 00:00:00
packetstorm
packetstorm
WordPress 3.3.1 Cross Site Request Forgery
2012-04-26 00:00:00
nvd
nvd
CVE-2012-1936
2012-05-03 20:55:03
cvelist
cvelist
CVE-2012-1936
2012-05-03 20:00:00
exploitdb
exploitdb
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
2012-04-27 00:00:00
cve
cve
CVE-2012-1936
2012-05-03 20:55:03
exploitpack
exploitpack
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
2012-04-27 00:00:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00