CVE-2014-5034

Name of the Vulnerable Software and Affected Versions Brute Force Login Protection module version 1.3 for WordPress

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack user authentication for requests with unknown impact. This is achieved through a crafted request to the brute-force-login-protection page, specifically targeting the wp-admin/options-general.php endpoint.

Recommendations For Brute Force Login Protection module version 1.3, consider disabling the module until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the wp-admin/options-general.php endpoint to minimize the risk of CSRF attacks.