Description
WordPress is prone to a security-bypass weakness because of a design error in its anti-CSRF token (nonce) mechanism. The nonce is not single-use: it is derived from the current 12-hour time window, the action name and the user ID, so the same token is accepted for every request to that action by that user for the whole window. An attacker who learns a victim's nonce can therefore replay it to bypass the anti-CSRF protection and carry out cross-site request forgery attacks, performing unauthorized actions in the context of the victim's session. This may aid in other attacks. Successful exploitation requires that the attacker first obtain the victim's nonce, by some other means that this advisory does not specify, and use it within 12 hours (the nonce stays valid for at least that long). WordPress version 3.3.1 is vulnerable; other versions may also be affected.
Remediation
Update to the latest WordPress version. Because WordPress nonces are time-windowed rather than single-use by design, also ensure that nonces cannot reach third parties, for example through URLs that may be disclosed in Referer headers or through other vulnerabilities on the site.
References
http://www.exploit-db.com/exploits/18791/
http://packetstormsecurity.org/files/112253/WordPress-3.3.1-Cross-Site-Request-Forgery.html