CVE-2014-9039

NONE
Published Nov 25, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-254

Affected Products 14

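| Vendor | Product | Version | Range |
|---|---|---|---|
| debian | debian_linux | 7.0 | any |
| debian | debian_linux | 8.0 | any |
| mageia_project | mageia | 3 | any |
| mageia_project | mageia | 4 | any |
| wordpress | wordpress | * | ≤3.7.4 |
| wordpress | wordpress | 3.8 | any |
| wordpress | wordpress | 3.8.1 | any |
| wordpress | wordpress | 3.8.2 | any |
| wordpress | wordpress | 3.8.3 | any |
| wordpress | wordpress | 3.8.4 | any |
| wordpress | wordpress | 3.9 | any |
| wordpress | wordpress | 3.9.1 | any |
| wordpress | wordpress | 3.9.2 | any |
| wordpress | wordpress | 4.0 | any |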

References 7

Remediation

  • wordpress.org https://wordpress.org/news/2014/11/wordpress-4-0-1/
    Patch, Vendor Advisory