Description
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
Remediation
References
Related Vulnerabilities
OpenVPN AS Other Vulnerability (CVE-2006-1629)
Django Cleartext Transmission of Sensitive Information Vulnerability (CVE-2019-12781)
Squid Out-of-bounds Write Vulnerability (CVE-2019-18676)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2327)
OpenSSL Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-2650)