Description
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
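The timing difference described above can be modelled with an explicit early-exit comparison next to PHP's constant-time hash_equals(). This is an added illustration, not WordPress source code. The function names, the demo key and the 10-character token are constructed for the example, and a comparison counter stands in for elapsed time so the output is deterministic.

```php
<?php
// Added illustration; not WordPress source. All names and values are constructed.

// Early-exit comparison: returns at the first differing byte, so the work done
// depends on how many leading bytes of the submitted value are correct.
// $steps reports the number of byte comparisons performed.
function leaky_equals(string $expected, string $given, int &$steps): bool
{
    $steps = 0;
    if (strlen($expected) !== strlen($given)) {
        return false;
    }
    for ($i = 0; $i < strlen($expected); $i++) {
        $steps++;
        if ($expected[$i] !== $given[$i]) {
            return false;
        }
    }
    return true;
}

// Hardened check: hash_equals() (PHP >= 5.6) does the same amount of work for
// equal-length inputs regardless of where they differ.
function verify_nonce(string $expected, string $given): bool
{
    return hash_equals($expected, $given);
}

// Constructed server-side value: a 10-character token derived with HMAC.
$secret   = 'constructed-demo-key';
$expected = substr(hash_hmac('sha256', 'user:1|action:demo|tick:1', $secret), 0, 10);

// '!' never occurs in a hex token, so the wrong values below cannot match by accident.
$guesses = [
    'no bytes right' => str_repeat('!', 10),
    'first 5 right'  => substr($expected, 0, 5) . str_repeat('!', 5),
    'first 9 right'  => substr($expected, 0, 9) . '!',
    'all right'      => $expected,
];

foreach ($guesses as $label => $guess) {
    $ok = leaky_equals($expected, $guess, $steps);
    printf("%-15s leaky: %-5s after %2d comparisons | hash_equals: %s\n",
        $label, var_export($ok, true), $steps,
        var_export(verify_nonce($expected, $guess), true));
}
```

The early-exit version performs 1, 6, 10 and 10 comparisons for the four inputs, which is the position-dependent signal the description refers to; the hash_equals() path gives the same accept/reject answers without that dependence.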
Remediation
References