CVE-2014-0166 — Improper Authentication in Wordpress

CWE-287 — Improper Authentication7 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

31.6%

top 3.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedApr 10

Latest updateMay 17

Description

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.8.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.8.2+dfsg-1+3

▶NVDwordpress/wordpress3.7.1+94

🔴Vulnerability Details

GHSA

GHSA-jg4j-hqh7-5qcx: The wp_validate_auth_cookie function in wp-includes/pluggable↗2022-05-17

▶

OSV

CVE-2014-0166: The wp_validate_auth_cookie function in wp-includes/pluggable↗2014-04-10

▶

📋Vendor Advisories

Debian

CVE-2014-0166: wordpress - The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress b...↗2014

▶

💬Community

Bugzilla

CVE-2014-0166 CVE-2014-0165 wordpress: various flaws [fedora-all]↗2014-04-09

▶

Bugzilla

CVE-2014-0166 CVE-2014-0165 wordpress: various flaws [epel-all]↗2014-04-09

▶

Bugzilla

CVE-2014-0166 wordpress: authentication bypass via forged cookies↗2014-04-09

▶