Description
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
Remediation
References
Related Vulnerabilities
WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.4)
Liferay Portal Insertion of Sensitive Information into Log File Vulnerability (CVE-2025-62262)
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642)
WordPress Plugin Hotjar Connecticator Cross-Site Scripting (1.1.1)
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27128)