Launchpad.net

CVE 2012-3384

Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Related bugs and status

CVE-2012-3384 (Candidate) is related to these bugs:

Bug #1020452: On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.

Summary				In	Importance	Status
	1020452	On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.		wordpress (Ubuntu)	Undecided	Fix Released
	1020452	On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.		wordpress (Debian)	Unknown	Fix Released

Bug #1221040: Sync wordpress 3.6.1 (universe) from Debian stable-security

		In	Importance	Status
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu)	High	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Precise)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Quantal)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Raring)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Debian)	Unknown	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Saucy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3384

Related bugs and status

Related bugs

References