CVE-2014-5205

Priority
Description
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters
during concatenation of action values and uid values in CSRF tokens, which
makes it easier for remote attackers to bypass a CSRF protection mechanism
via a brute-force attack.
Notes
Package
Upstream: released (3.9.2+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [3.8.2+dfsg-1ubuntu0.1])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (3.9.2+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.9.2+dfsg-1)
Patches:
Upstream: https://core.trac.wordpress.org/changeset/29408

Updated: 2020-09-10 03:08:20 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)