CVE-2008-5113
EPSS 0.30%
Description
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
How to fix CVE-2008-5113
To remediate CVE-2008-5113, upgrade the affected package to the fixed version listed below.
- Debian/wordpress—upgrade to 2.5.1-10 or later
Is CVE-2008-5113 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/wordpress: from 0, < 2.5.1-10