WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1 - 3.3.1)

Description

WordPress is prone to a security bypass weakness because of a design error in the implementation of anti-CSRF token security feature. An attacker may exploit this issue to bypass anti-CSRF token security protections and perform cross-site request forgery attacks to perform unauthorized actions in the context of a victim's session. This may aid in other attacks. Successful exploitation requires that the attacker must know the anti-CSRF token of the victim within 12 hours by means of other attacks. WordPress version 3.3.1 is vulnerable; other versions may also be affected.

Remediation

Update to WordPress latest version

References