Description
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Remediation
References