CVE-2014-9033 — Cross-Site Request Forgery in Wordpress

CWE-352 — Cross-Site Request Forgery5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 25.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedNov 25

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.0.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.0.1+dfsg-1+3

▶NVDwordpress/wordpress4 versions+3

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-j6jx-vjmj-5q6h: Cross-site request forgery (CSRF) vulnerability in wp-login↗2022-05-17

▶

OSV

CVE-2014-9033: Cross-site request forgery (CSRF) vulnerability in wp-login↗2014-11-25

▶

📋Vendor Advisories

Debian

CVE-2014-9033: wordpress - Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7...↗2014

▶

💬Community

Bugzilla

CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 wordpress: security flaws fixed in the 4.0.1 release↗2014-11-21

▶