WordPress Anti-CSRF Token Security Bypass Weakness

WordPress is prone to a security-bypass weakness because of a design error in the implementation anti-CSRF token security feature.

An attacker may exploit this issue to bypass anti-CSRF token security protections and perform cross-site request forgery attacks to perform unauthorized actions in the context of a victim's session. This may aid in other attacks.

Note: To exploit this issue, an attacker must need to know the anti-CSRF token of the victim within 12 hours by means of other attacks.

WordPress versions 3.3.1 and prior are vulnerable; other versions may also affected.


Privacy Statement
Copyright 2010, SecurityFocus