CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
86.4%
Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165). The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie (CVE-2014-0166). The wordpress package has been updated to version 3.9.1, fixing these and other issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | wordpress | <Â 3.9.1-1 | wordpress-3.9.1-1.mga3 |
Mageia | 4 | noarch | wordpress | <Â 3.9.1-1 | wordpress-3.9.1-1.mga4 |