CVE-2014-5204

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.9.2

Description The issue allows remote attackers to bypass a CSRF protection mechanism via a brute-force attack. This is due to the different timing of rejecting invalid CSRF nonces depending on which characters in the nonce are incorrect.

Recommendations For versions prior to 3.9.2, update to version 3.9.2 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent brute-force attacks.