Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
No PoCs from references.
- https://github.com/20142995/nuclei-templates
- https://github.com/alexjasso/Project_7-WordPress_Pentesting
- https://github.com/anushareddy139/wpvskali
- https://github.com/jonkillinger/FacebookCyberSecurityCourseWeek7