Description
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.05)
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-46148)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0866)
Chamilo Improper Input Validation Vulnerability (CVE-2012-4030)