Description
WordPress is prone to a security bypass weakness because of a design error in the implementation of anti-CSRF token security feature. An attacker may exploit this issue to bypass anti-CSRF token security protections and perform cross-site request forgery attacks to perform unauthorized actions in the context of a victim's session. This may aid in other attacks. Successful exploitation requires that the attacker must know the anti-CSRF token of the victim within 12 hours by means of other attacks. WordPress version 3.3.1 is vulnerable; other versions may also be affected.
Remediation
Update to WordPress latest version
References
http://www.exploit-db.com/exploits/18791/
http://packetstormsecurity.org/files/112253/WordPress-3.3.1-Cross-Site-Request-Forgery.html
Related Vulnerabilities
WordPress Plugin Better Find and Replace Cross-Site Scripting (1.2.8)
Apache 2.2.14 mod_isapi Dangling Pointer
MySQL CVE-2024-21166 Vulnerability (CVE-2024-21166)
WordPress Plugin Watu Quiz Cross-Site Scripting (3.3.8.1)
LimeSurvey Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-16184)