Lucene search
PRIOn knowledge basePRION:CVE-2012-1936HistoryMay 03, 2012 - 8:55 p.m.
Cross site request forgery (csrf)
2012-05-0320:55:00
PRIOn knowledge base
www.prio-n.com
1
DISPUTED The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing the network, as demonstrated by attacks against the wp-admin/admin-ajax.php and wp-admin/user-new.php scripts. NOTE: the vendor reportedly disputes the significance of this issue because wp_create_nonce operates as intended, even if it is arguably inconsistent with certain CSRF protection details advocated by external organizations.
Related
seebug
seebug
Wordpress 3.3.1 - Multiple CSRF Vulnerabilities
2014-07-01 00:00:00
WordPress Anti-CSRFไปค็ๅฎๅ
จ็ป่ฟๆผๆด
2012-05-02 00:00:00
exploitpack
exploitpack
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
2012-04-27 00:00:00
packetstorm
packetstorm
WordPress 3.3.1 Cross Site Request Forgery
2012-04-26 00:00:00
nvd
nvd
CVE-2012-1936
2012-05-03 20:55:03
cvelist
cvelist
CVE-2012-1936
2012-05-03 20:00:00
patchstack
patchstack
WordPress 3.3.1 - Multiple CSRF Vulnerabilities
2012-04-27 00:00:00
cve
cve
CVE-2012-1936
2012-05-03 20:55:03
exploitdb
exploitdb
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
2012-04-27 00:00:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00