Description

Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Remediation

References

CVE-2012-3384

Related Vulnerabilities

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll Unspecified Vulnerability (1.5.8.5)

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-4330)

WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Scripting (2.55)

WordPress Plugin WP Custom Admin Login Page Logo Unspecified Vulnerability (1.4.1)

Oracle HTTP Server Uncontrolled Search Path Element Vulnerability (CVE-2019-5443)

Severity

Medium

Classification

CVE-2012-3384 CWE-352

Tags

Missing Update Known Vulnerabilities