WordPress Vulnerabilities
WordPress <= 4.0 - CSRF in wp-login.php Password Reset
Description
WordPress 4.0.1 adds a CSRF token called 'rp_key' to the password reset form on wp-login.php. Prior versions (4.0 and earlier) do not have this token, so the password reset form is vulnerable to CSRF.
Affects WordPress
References
Classification
Type: CSRF
OWASP top 10
CWE
Miscellaneous
Submitter: ethicalhack3r
Submitter twitter
Verified: No
WPVDB ID
Timeline
Publicly Published: 2014-11-25 (about 9 years ago)
Added: 2014-11-25 (about 9 years ago)
Last Updated: 2019-10-21 (about 4 years ago)