Description
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
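The timing difference described above can be modelled deterministically by counting byte comparisons rather than measuring time. The following PHP is an added example, not WordPress code: the function names and nonce values are constructed for illustration, and `hash_equals()` is PHP's built-in timing-safe string comparison.

```php
<?php
// Added illustration; not WordPress source. All nonce values are constructed.

// Early-exit comparison: the work done depends on where the first mismatch is.
// Returns [result, number of byte comparisons performed].
function early_exit_equals(string $expected, string $supplied): array
{
    if (strlen($expected) !== strlen($supplied)) {
        return [false, 0];
    }
    $steps = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $steps++;
        if ($expected[$i] !== $supplied[$i]) {
            return [false, $steps];
        }
    }
    return [true, $steps];
}

// Constant-time comparison: every byte is examined and the differences are
// OR-ed together, so the work is the same wherever the mismatch is.
function constant_time_equals(string $expected, string $supplied): array
{
    if (strlen($expected) !== strlen($supplied)) {
        return [false, 0];
    }
    $diff = 0;
    $steps = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $steps++;
        $diff |= ord($expected[$i]) ^ ord($supplied[$i]);
    }
    return [$diff === 0, $steps];
}

$expected = 'a1b2c3d4e5';   // constructed 10-character nonce
$guesses  = ['zzzzzzzzzz', 'a1b2zzzzzz', 'a1b2c3d4ez', 'a1b2c3d4e5'];

foreach ($guesses as $guess) {
    [$okEarly, $stepsEarly] = early_exit_equals($expected, $guess);
    [$okConst, $stepsConst] = constant_time_equals($expected, $guess);
    // hash_equals() is PHP's built-in timing-safe comparison (PHP 5.6+).
    $okBuiltin = hash_equals($expected, $guess);
    printf("%s  early-exit: %-5s %2d steps | constant-time: %-5s %2d steps | hash_equals: %s\n",
        $guess, var_export($okEarly, true), $stepsEarly,
        var_export($okConst, true), $stepsConst, var_export($okBuiltin, true));
}
```

The step count of the early-exit version grows with the length of the matching prefix, which is the signal a timing measurement picks up; the constant-time version performs the same number of steps for every same-length input.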
Remediation
References