Description
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
Published: 2008-11-17
Score: 4.0 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1871-1 New wordpress packages fix several vulnerabilities
Debian DSA Debian DSA DSA-1871-2 New wordpress packages fix regression
EUVD EUVD EUVD-2008-5092 WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
History

Wed, 28 May 2025 14:45:00 +0000

Type Values Removed Values Added
References

Thu, 22 May 2025 04:30:00 +0000

Type Values Removed Values Added
References

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T10:40:17.287Z

Reserved: 2008-11-17T00:00:00.000Z

Link: CVE-2008-5113

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2008-11-17T23:30:00.530

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5113

cve-icon Redhat

Severity : Low

Publid Date: 2008-11-06T00:00:00Z

Links: CVE-2008-5113 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses