CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS
Percentile
64.4%
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an
administrator’s logout action, which makes it easier for remote attackers
to discover valid session identifiers via a brute-force attack, or modify
data via a replay attack.
Author | Note |
---|---|
ebarretto | non-issue, see: https://wordpress.org/support/topic/old-bug-cve-2012-5868 |