CVE-2014-9037

NONE EPSS 83.2%
Published Nov 25, 201411y ago · Modified Jun 17, 20262w ago
Find Similar
Published Nov 25, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Threat Intelligence

EPSS Exploit Probability
83.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-310

Affected Products 14

VendorProductVersionRange
mageia_projectmageia3any
mageia_projectmageia4any
wordpresswordpress* ≤3.7.4
wordpresswordpress3.8any
wordpresswordpress3.8.1any
wordpresswordpress3.8.2any
wordpresswordpress3.8.3any
wordpresswordpress3.8.4any
wordpresswordpress3.9any
wordpresswordpress3.9.1any
wordpresswordpress3.9.2any
wordpresswordpress4.0any
debiandebian_linux7.0any
debiandebian_linux8.0any

References 6

Remediation

  • wordpress.org https://wordpress.org/news/2014/11/wordpress-4-0-1/
    PatchVendor Advisory