Description
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Remediation
References
Related Vulnerabilities
Drupal Core 8.3.0 Security Bypass (8.3.0)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.0.0 - 3.9.26)
Oracle JRE CVE-2013-1487 Vulnerability (CVE-2013-1487)
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31985)
Joomla Improper Input Validation Vulnerability (CVE-2018-11321)