Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9034 — Wordpress vulnerability

7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

72.5%

top 1.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wordpress Debian Wordpress

Timeline

PublishedNov 25

Latest updateMay 17

Description

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.0.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.0.1+dfsg-1+3

▶NVDwordpress/wordpress3.7.4+9

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-wh45-5f5h-v3mq: wp-includes/class-phpass↗2022-05-17

▶

OSV

CVE-2014-9034: wp-includes/class-phpass↗2014-11-25

▶

💥Exploits & PoCs

Exploit-DB

WordPress Core 4.0 - Denial of Service↗2014-12-01

▶

Exploit-DB

WordPress Core < 4.0.1 - Denial of Service↗2014-12-01

▶

📋Vendor Advisories

Debian

CVE-2014-9034: wordpress - wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9....↗2014

▶

💬Community

Bugzilla

CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 wordpress: security flaws fixed in the 4.0.1 release↗2014-11-21

▶