WordPress Vulnerabilities

WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing

Affects WordPress

2.0.3
Fixed in WordPress 3.9.2
2.0.4
Fixed in WordPress 3.9.2
2.0.5
Fixed in WordPress 3.9.2
2.0.6
Fixed in WordPress 3.9.2
2.0.7
Fixed in WordPress 3.9.2
2.0.10
Fixed in WordPress 3.9.2
2.0.11
Fixed in WordPress 3.9.2
2.0.9
Fixed in WordPress 3.9.2
2.1
Fixed in WordPress 3.9.2
2.1.2
Fixed in WordPress 3.9.2
2.1.3
Fixed in WordPress 3.9.2
2.2
Fixed in WordPress 3.9.2
2.2.1
Fixed in WordPress 3.9.2
2.2.2
Fixed in WordPress 3.9.2
2.2.3
Fixed in WordPress 3.9.2
2.3
Fixed in WordPress 3.9.2
2.3.1
Fixed in WordPress 3.9.2
2.1.1
Fixed in WordPress 3.9.2
2.3.2
Fixed in WordPress 3.9.2
2.5
Fixed in WordPress 3.9.2
2.5.1
Fixed in WordPress 3.9.2
2.6
Fixed in WordPress 3.9.2
2.6.1
Fixed in WordPress 3.9.2
2.6.2
Fixed in WordPress 3.9.2
2.6.3
Fixed in WordPress 3.9.2
2.7
Fixed in WordPress 3.9.2
2.7.1
Fixed in WordPress 3.9.2
2.8
Fixed in WordPress 3.9.2
2.8.1
Fixed in WordPress 3.9.2
2.8.2
Fixed in WordPress 3.9.2
2.8.3
Fixed in WordPress 3.9.2
2.8.4
Fixed in WordPress 3.9.2
2.8.5
Fixed in WordPress 3.9.2
2.8.6
Fixed in WordPress 3.9.2
2.9
Fixed in WordPress 3.9.2
2.9.1
Fixed in WordPress 3.9.2
2.9.2
Fixed in WordPress 3.9.2
3.0
Fixed in WordPress 3.9.2
3.0.1
Fixed in WordPress 3.9.2
3.0.2
Fixed in WordPress 3.9.2
3.0.3
Fixed in WordPress 3.9.2
3.0.4
Fixed in WordPress 3.9.2
3.0.5
Fixed in WordPress 3.9.2
3.1
Fixed in WordPress 3.9.2
3.1.1
Fixed in WordPress 3.9.2
3.1.2
Fixed in WordPress 3.9.2
3.1.3
Fixed in WordPress 3.9.2
3.1.4
Fixed in WordPress 3.9.2
3.2
Fixed in WordPress 3.9.2
3.2.1
Fixed in WordPress 3.9.2
3.3
Fixed in WordPress 3.9.2
3.3.1
Fixed in WordPress 3.9.2
3.3.2
Fixed in WordPress 3.9.2
3.4
Fixed in WordPress 3.9.2
3.4.1
Fixed in WordPress 3.9.2
3.4.2
Fixed in WordPress 3.9.2
3.5
Fixed in WordPress 3.9.2
3.5.1
Fixed in WordPress 3.9.2
3.5.2
Fixed in WordPress 3.9.2
3.6
Fixed in WordPress 3.9.2
3.6.1
Fixed in WordPress 3.9.2
3.7
Fixed in WordPress 3.9.2
3.7.1
Fixed in WordPress 3.9.2
3.8
Fixed in WordPress 3.9.2
3.8.1
Fixed in WordPress 3.9.2
3.8.2
Fixed in WordPress 3.9.2
3.8.3
Fixed in WordPress 3.9.2
3.9
Fixed in WordPress 3.9.2
3.9.1
Fixed in WordPress 3.9.2

References

CVE
CVE-2014-5204
CVE
CVE-2014-5205
URL
https://core.trac.wordpress.org/changeset/29384
URL
https://core.trac.wordpress.org/changeset/29408

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
admin
Verified
No
WPVDB ID
90a3565c-852e-43de-a8ed-2679ab22cc9b

Timeline

Publicly Published
2014-09-16 (about 11 years ago)
Added
2014-09-16 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-01-28
Title
UsersWP < 1.2.54 - Cross-Site Request Forgery
Published
2025-01-16
Title
Mass Custom Fields Manager <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-01-23
Title
Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF
Published
2021-10-06
Title
Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF
Published
2024-11-13
Title
WP Popup Window Maker <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting