Description
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.
Remediation
References
Related Vulnerabilities
Sqlite Use After Free Vulnerability (CVE-2021-20227)
WordPress Plugin Front End Upload Arbitrary File Upload (0.5.4.4)
WordPress Plugin Modern Events Calendar Lite Security Bypass (5.1.6)
WebLogic CVE-2008-2579 Vulnerability (CVE-2008-2579)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1484)