CVE-2016-5838 — Improperly Implemented Security Check for Standard in Wordpress
Severity
7.5HIGHNVD
EPSS
1.7%
top 17.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 29
Latest updateMay 17
Description
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages3 packages
Patches
🔴Vulnerability Details
2📋Vendor Advisories
2🕵️Threat Intelligence
2💬Community
4Bugzilla▶
CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release↗2016-06-23
Bugzilla▶
CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [fedora-all]↗2016-06-23
Bugzilla▶
CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [epel-all]↗2016-06-23
Bugzilla▶
CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)↗2016-03-23