WordPress Anti-CSRF Token Security Bypass Weakness
WordPress is prone to a security-bypass weakness because of a design error in the implementation of its anti-CSRF token security feature.
An attacker may exploit this issue to bypass anti-CSRF token protections and carry out cross-site request forgery attacks that perform unauthorized actions in the context of a victim's session. This may aid in other attacks.
Note: To exploit this issue, an attacker must obtain the victim's anti-CSRF token within 12 hours by means of other attacks.
WordPress versions 3.3.1 and prior are vulnerable; other versions may also be affected.