CVE-2012-5868

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2012-5868

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-5868.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2012-5868

Downstream

DEBIAN-CVE-2012-5868

UBUNTU-CVE-2012-5868

Published

2012-12-27T11:47:01Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

References

http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout

CVE-2012-5868

Affected packages