CVE-2014-9037
NONE EPSS 83.2%
Published Nov 25, 2014 11y ago
Last Modified Jun 17, 2026 2w ago
Description
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Threat Intelligence
EPSS Exploit Probability
83.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-310
Affected Products 14
| Vendor | Product | Version | Range |
|---|---|---|---|
| mageia_project | mageia | 3 | any |
| mageia_project | mageia | 4 | any |
| wordpress | wordpress | * | ≤3.7.4 |
| wordpress | wordpress | 3.8 | any |
| wordpress | wordpress | 3.8.1 | any |
| wordpress | wordpress | 3.8.2 | any |
| wordpress | wordpress | 3.8.3 | any |
| wordpress | wordpress | 3.8.4 | any |
| wordpress | wordpress | 3.9 | any |
| wordpress | wordpress | 3.9.1 | any |
| wordpress | wordpress | 3.9.2 | any |
| wordpress | wordpress | 4.0 | any |
| debian | debian_linux | 7.0 | any |
| debian | debian_linux | 8.0 | any |
References 6
- advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0493.html
- openwall.com http://openwall.com/lists/oss-security/2014/11/25/12
- debian.org http://www.debian.org/security/2014/dsa-3085
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
- securitytracker.com http://www.securitytracker.com/id/1031243
- wordpress.org https://wordpress.org/news/2014/11/wordpress-4-0-1/
Remediation
- wordpress.org https://wordpress.org/news/2014/11/wordpress-4-0-1/