CVE-2014-9039 — Wordpress vulnerability

CWE-2546 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.7%

top 17.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Linux Mageia Project Mageia

Timeline

PublishedNov 25

Latest updateMay 17

Description

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianwordpress/wordpress< 4.0.1+dfsg-1+3

▶NVDwordpress/wordpress3.7.4+9

▶NVDmageia_project/mageia3, 4+1

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-8rwr-ffp6-2577: wp-login↗2022-05-17

▶

OSV

CVE-2014-9039: wp-login↗2014-11-25

▶

CVEList

CVE-2014-9039: wp-login↗2014-11-25

▶

📋Vendor Advisories

Debian

CVE-2014-9039: wordpress - wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, ...↗2014

▶

💬Community

Bugzilla

CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 wordpress: security flaws fixed in the 4.0.1 release↗2014-11-21

▶