cve/CVE-2012-5868.md at 41fbf31e3d6076a9d40c80bb3e1e4187f08a58e2

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

POC

Reference

No PoCs from references.

Github

https://github.com/alexjasso/Project_7-WordPress_Pentesting
https://github.com/anushareddy139/wpvskali
https://github.com/jonkillinger/FacebookCyberSecurityCourseWeek7

830 B Raw Blame History

CVE-2012-5868

Description

POC

Reference

Github

830 B

Raw Blame History