Description
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
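A timing difference of this kind arises when the check stops at the first incorrect character. The PHP below is an added example, not WordPress code: the function names, key and nonce value are constructed for illustration, and it counts characters examined instead of measuring time, comparing an early-exit check with a constant-time one.

```php
<?php
// Added illustration; not WordPress code. All names and values are constructed.

// Early-exit comparison: returns at the first mismatching character, so the
// work done depends on how long a correct prefix the caller supplied.
// $steps is instrumentation added here to make that visible without a clock.
function early_exit_equals(string $expected, string $supplied, int &$steps): bool
{
    $steps = 0;
    if (strlen($expected) !== strlen($supplied)) {
        return false;
    }
    for ($i = 0; $i < strlen($expected); $i++) {
        $steps++;
        if ($expected[$i] !== $supplied[$i]) {
            return false;
        }
    }
    return true;
}

// Constant-time comparison: every character is examined and the differences
// are OR-ed together, so the work is the same wherever the mismatch sits.
// The length check is kept because a nonce's length is fixed and not secret.
function constant_time_equals(string $expected, string $supplied, int &$steps): bool
{
    $steps = 0;
    if (strlen($expected) !== strlen($supplied)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $steps++;
        $diff |= ord($expected[$i]) ^ ord($supplied[$i]);
    }
    return $diff === 0;
}

// Constructed 10-character hex token standing in for a nonce.
$expected = substr(hash_hmac('sha256', 'constructed-message', 'constructed-key'), 0, 10);

foreach ([0, 5, 9, 10] as $correct) {
    // '!' never occurs in hex output, so the suffix is guaranteed to mismatch.
    $supplied = substr($expected, 0, $correct) . str_repeat('!', 10 - $correct);
    early_exit_equals($expected, $supplied, $early);
    constant_time_equals($expected, $supplied, $constant);
    // hash_equals() is PHP's built-in constant-time comparison (PHP 5.6+).
    printf("correct prefix %2d: early-exit examined %2d, constant-time examined %2d, hash_equals=%s\n",
        $correct, $early, $constant, var_export(hash_equals($expected, $supplied), true));
}
```

The early-exit column grows with the length of the correct prefix while the constant-time column stays at 10; in production code, use `hash_equals()` instead of a hand-written loop.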
Remediation
References