CVE-2008-5113
Last modified
CVE-2008-5113 is a vulnerability of currently unknown severity. WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.. EPSS estimates a 1.33% chance of exploitation in the next 30 days.
Description
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | 2.6.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-5113?
How severe is CVE-2008-5113?
How do I fix CVE-2008-5113?
Are you affected by CVE-2008-5113?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST