CVE-2014-5034

HIGH

Brute Force Login Protection 1.3 - Cross-Site Request Forgery via Crafted Request

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html

View Exploit ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery

View Exploit ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0112

EPSS Percentile 62.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

fresh-media/brute_force_login_protection 1.3

Published Apr 06, 2018

Tracked Since Feb 18, 2026