CVE-2014-9037 — Wordpress vulnerability

CWE-3106 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

2.6%

top 14.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Linux Mageia Project Mageia

Timeline

PublishedNov 25

Latest updateMay 17

Description

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debianwordpress/wordpress< 4.0.1+dfsg-1+3

▶NVDwordpress/wordpress3.7.4+9

▶NVDmageia_project/mageia3, 4+1

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-f6m5-cxjc-8qwq: WordPress before 3↗2022-05-17

▶

OSV

CVE-2014-9037: WordPress before 3↗2014-11-25

▶

CVEList

CVE-2014-9037: WordPress before 3↗2014-11-25

▶

📋Vendor Advisories

Debian

CVE-2014-9037: wordpress - WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4...↗2014

▶

💬Community

Bugzilla

CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 wordpress: security flaws fixed in the 4.0.1 release↗2014-11-21

▶