|Date: (C)2008-11-17 (M)2017-08-08|
|CVSS Score: 4.0||Access Vector: NETWORK|
|Exploitability Subscore: 4.9||Access Complexity: HIGH|
|Impact Subscore: 4.9||Authentication: NONE|
| ||Confidentiality: NONE|
| ||Integrity: PARTIAL|
| ||Availability: PARTIAL|
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.