Description
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
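The ambiguity behind this issue, shown as an added example that is not WordPress's own code: in a simplified token model (an HMAC over the concatenated fields), distinct action/uid pairs serialize to the same string when no delimiter separates them, so they share one token, while a delimited encoding keeps them apart. The function names, key, tick value and action/uid pairs are all constructed assumptions.

```php
<?php
// Constructed demo values; none of these come from WordPress or the advisory.
const DEMO_KEY  = 'constructed-demo-key';
const DEMO_TICK = '1';

// Hypothetical model: fields joined with no delimiter before hashing.
function token_undelimited(string $action, int $uid): string {
    return hash_hmac('sha256', DEMO_TICK . $action . $uid, DEMO_KEY);
}

// Hypothetical model: the same fields joined with '|'. Tick and uid are
// numeric, so the action is whatever lies between the first and last '|'
// and every (action, uid) pair has exactly one serialization.
function token_delimited(string $action, int $uid): string {
    return hash_hmac('sha256', DEMO_TICK . '|' . $action . '|' . $uid, DEMO_KEY);
}

// Group (action, uid) pairs by derived token and return only the groups
// in which two or more distinct pairs ended up with the same token.
function colliding_groups(callable $derive, array $pairs): array {
    $byToken = [];
    foreach ($pairs as [$action, $uid]) {
        $byToken[$derive($action, $uid)][] = "action=$action uid=$uid";
    }
    return array_values(array_filter($byToken, fn($g) => count($g) > 1));
}

// Constructed sample pairs: the first two both concatenate to
// "delete-post_123", the next two both concatenate to "update-user_42".
$pairs = [
    ['delete-post_1', 23],
    ['delete-post_12', 3],
    ['update-user_', 42],
    ['update-user_4', 2],
    ['approve-comment_7', 5],
];

foreach (['token_undelimited', 'token_delimited'] as $derive) {
    $groups = colliding_groups($derive, $pairs);
    printf("%s: %d colliding group(s)\n", $derive, count($groups));
    foreach ($groups as $group) {
        echo '  ' . implode('  ==  ', $group) . "\n";
    }
}
```

The undelimited model reports two colliding groups and the delimited model reports none, which is the property a review of any token or MAC input built by string concatenation should check for.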
Remediation
References
Related Vulnerabilities
WordPress Plugin Search Unleashed 'Log' Function HTML Injection (0.2.10)
WordPress Plugin My Calendar Cross-Site Scripting (2.5.16)
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Cross-Site Request Forgery (2.0.1.6)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2024-50305)