The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.
Max Base Score | 6.4 |
Published | 2014-04-10 |
Updated | 2017-12-16 |
EPSS | 1.39% |
1 vulnerabilities found