Lucene search
HistoryNov 25, 2014 - 11:59 p.m.
CVE-2014-9039
cve-2014-9039
wordpress
wp-login.php
vulnerability
remote attack
password reset
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.3%
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Affected configurations
Node
debiandebian_linuxMatch7.0
ORdebiandebian_linuxMatch8.0
Node
mageia_projectmageiaMatch3
ORmageia_projectmageiaMatch4
Node
wordpresswordpressRange≤3.7.4
ORwordpresswordpressMatch3.8
ORwordpresswordpressMatch3.8.1
ORwordpresswordpressMatch3.8.2
ORwordpresswordpressMatch3.8.3
ORwordpresswordpressMatch3.8.4
ORwordpresswordpressMatch3.9
ORwordpresswordpressMatch3.9.1
ORwordpresswordpressMatch3.9.2
ORwordpresswordpressMatch4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian:debian_linux | debian debian linux | eq | 7.0 |
| debian:debian_linux | debian debian linux | eq | 8.0 |
References
Related
cvelist
cvelist
CVE-2014-9039
2014-11-25 23:00:00
debiancve
debiancve
CVE-2014-9039
2014-11-25 23:59:10
patchstack
patchstack
WordPress <= 4.0.0 - Multiple Vulnerabilities #1
2014-11-20 00:00:00
nvd
nvd
CVE-2014-9039
2014-11-25 23:59:10
prion
prion
Default credentials
2014-11-25 23:59:00
ubuntucve
ubuntucve
CVE-2014-9039
2014-11-25 00:00:00
freebsd
freebsd
wordpress -- multiple vulnerabilities
2014-11-25 00:00:00
debian
debian
[SECURITY] [DSA 3085-1] wordpress security update
2014-12-03 08:38:56
[SECURITY] [DLA 236-1] wordpress security update
2015-06-01 12:11:28
openvas
openvas
Debian Security Advisory DSA 3085-1 (wordpress - security update)
2014-12-03 00:00:00
Debian: Security Advisory (DSA-3085-1)
2014-12-02 00:00:00
Fedora Update for wordpress FEDORA-2014-15560
2015-01-05 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: wordpress-4.0.1-1.fc21
2014-12-06 10:12:34
[SECURITY] Fedora 20 Update: wordpress-4.0.1-1.fc20
2014-12-03 01:03:45
[SECURITY] Fedora 19 Update: wordpress-4.0.1-1.fc19
2014-12-03 01:05:40
nessus
nessus
WordPress 3.7 < 3.7.5 / 3.8 < 3.8.5 / 3.9 < 3.9.3 / 4.x < 4.0.1 Multiple Vulnerabilities
2015-03-12 00:00:00
Debian DSA-3085-1 : wordpress - security update
2014-12-04 00:00:00
osv
osv
wordpress - security update
2014-12-03 00:00:00
wordpress - security update
2015-06-01 00:00:00
mageia
mageia
Updated wordpress package fixes security vulnerabilities
2014-11-26 20:29:06
securityvulns
securityvulns
[ MDVSA-2014:233 ] wordpress
2014-12-01 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.3%
Related for CVE-2014-9039