forgery

How to perform and mitigate a WordPress session donation attack

WordPress doesn’t use a nonce for the login form, which makes a WordPress session donation attack possible.

March 22, 2017 · 7 min · Bjørn Johansen