Description
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
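The class of flaw described above, shown as an added example (not phpMyAdmin's code): an early-exit comparison does work that depends on how many leading bytes match, while PHP's built-in `hash_equals()` (PHP 5.6 and later) does not. The function names `leaky_equals` and `token_is_valid` and the sample token are constructed for illustration, and the script assumes PHP 7 or later.

```php
<?php
// Added illustration; function names and sample values are hypothetical.

// Early-exit comparison: returns at the first mismatching byte, so the number
// of loop iterations (and therefore the time taken) tracks the matching prefix.
function leaky_equals(string $known, string $supplied): array
{
    if (strlen($known) !== strlen($supplied)) {
        return ['equal' => false, 'steps' => 0];
    }
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        if ($known[$i] !== $supplied[$i]) {
            return ['equal' => false, 'steps' => $i + 1];
        }
    }
    return ['equal' => true, 'steps' => $n];
}

// Hardened check. Request parameters can arrive as arrays (token[]=x), and a
// missing session token must never validate, so both are rejected up front.
function token_is_valid($sessionToken, $requestToken): bool
{
    if (!is_string($sessionToken) || $sessionToken === '' || !is_string($requestToken)) {
        return false;
    }
    // hash_equals() timing does not depend on where the strings differ.
    return hash_equals($sessionToken, $requestToken);
}

$token = bin2hex(random_bytes(16)); // constructed 32-character sample token

// 'z' is not a hex digit, so each padded guess is guaranteed to mismatch there.
$guesses = [
    'no matching prefix'   => str_repeat('z', 32),
    '16-byte prefix match' => substr($token, 0, 16) . str_repeat('z', 16),
    '31-byte prefix match' => substr($token, 0, 31) . 'z',
    'correct token'        => $token,
    'array instead of str' => ['x'],
];

foreach ($guesses as $label => $guess) {
    $steps = is_string($guess) ? leaky_equals($token, $guess)['steps'] : 'n/a';
    printf("%-22s leaky steps=%-4s hardened=%s\n",
        $label, $steps, var_export(token_is_valid($token, $guess), true));
}
```

The `steps` column is the data-dependent signal that a timing measurement would approximate; the hardened function returns only true or false with no such variation for equal-length inputs.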
Remediation
References
Related Vulnerabilities
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)
WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)
WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.7.1)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.13)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4300)