Wordpress : Security Vulnerabilities, CVEs, Published In November 2008 (Denial of service)
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
Max CVSS
4.0
EPSS Score
0.17%
Published
2008-11-17
Updated
2017-08-08
1 vulnerabilities found