Description

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

Remediation

References

CVE-2012-5868

Related Vulnerabilities

WordPress Plugin Sync to Etsy Marketplace from WooCommerce Cross-Site Request Forgery (3.3.1)

WordPress Plugin Content Timeline Multiple SQL Injection Vulnerabilities (4.4.2)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.11)

WordPress Plugin Email newsletter Cross-Site Scripting (20.13.6)

WordPress Plugin Advance Menu Manager Security Bypass (3.0)

Severity

Low

Classification

CVE-2012-5868 CWE-200

Tags

Missing Update Known Vulnerabilities