Description
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)
MySQL CVE-2020-14861 Vulnerability (CVE-2020-14861)
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.15)
Drupal Improper Authentication Vulnerability (CVE-2019-10911)
WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.8)