2.6

CVE-2012-5868

WordPress Core < 4.0 - Missing Session Cookie Expiration

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Mögliche Gegenmaßnahme
WordPress: Update to version 4.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version3.4.2
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 4.0)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.43% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
https://www.wordfence.com/threat-intel/vulnerabilities/id/3cf00aef-427b-4256-9cbd-83c8e5059ecf
Third Party Advisory