| CVE-2008-5113 | Date: (C)2008-11-17 (M)2023-12-22 |
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V2 Severity: |
| CVSS Score : 4.0 |
| Exploit Score: 4.9 |
| Impact Score: 4.9 |
| |
| CVSS V2 Metrics: |
| Access Vector: NETWORK |
| Access Complexity: HIGH |
| Authentication: NONE |
| Confidentiality: NONE |
| Integrity: PARTIAL |
| Availability: PARTIAL |
| | |
