Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2014-0254
HistoryJun 06, 2014 - 2:27 p.m.

Updated wordpress package fixes multiple vulnerabilities

2014-06-0614:27:48
Gentoo Foundation
advisories.mageia.org
14

0.014 Low

EPSS

Percentile

86.3%

JSON

Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165). The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie (CVE-2014-0166). The wordpress package has been updated to version 3.9.1, fixing these and other issues.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchwordpress< 3.9.1-1wordpress-3.9.1-1.mga3
Mageia4noarchwordpress< 3.9.1-1wordpress-3.9.1-1.mga4

Related

nessus 5
osv 1
openvas 12
debian 5
fedora 7
prion 2
cve 2
ubuntucve 2
debiancve 2
wpvulndb 2
patchstack 2
cvelist 2
securityvulns 1
nessus
nessus
WordPress < 3.7.2 / 3.8.2 Multiple Vulnerabilities
2014-04-11 00:00:00
Fedora 19 : wordpress-3.8.3-1.fc19 (2014-5028)
2014-04-25 00:00:00
Fedora 20 : wordpress-3.8.2-1.fc20 (2014-5029)
2014-04-16 00:00:00
osv
osv
wordpress - security update
2014-04-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2901-1)
2014-04-11 00:00:00
Fedora Update for wordpress FEDORA-2014-5029
2014-04-16 00:00:00
Fedora Update for wordpress FEDORA-2014-5029
2014-04-16 00:00:00
debian
debian
[SECURITY] [DSA 2901-1] wordpress security update
2014-04-12 20:37:58
[SECURITY] [DSA 2901-1] wordpress security update
2014-04-12 20:37:39
[SECURITY] [DSA 2901-3] wordpress regression update
2014-04-21 06:06:48
fedora
fedora
[SECURITY] Fedora 20 Update: wordpress-3.8.2-1.fc20
2014-04-15 15:49:19
[SECURITY] Fedora 20 Update: wordpress-4.2.2-1.fc20
2015-05-20 18:49:22
[SECURITY] Fedora 20 Update: wordpress-3.9.2-3.fc20
2014-08-21 09:45:10
prion
prion
Design/Logic Flaw
2014-04-10 00:55:00
Authentication flaw
2014-04-10 00:55:00
cve
cve
CVE-2014-0165
2014-04-10 00:55:00
CVE-2014-0166
2014-04-10 00:55:00
ubuntucve
ubuntucve
CVE-2014-0165
2014-04-10 00:00:00
CVE-2014-0166
2014-04-10 00:00:00
debiancve
debiancve
CVE-2014-0165
2014-04-10 00:55:00
CVE-2014-0166
2014-04-10 00:55:00
wpvulndb
wpvulndb
WordPress 3.7.1 & 3.8.1 - Privilege Escalation
2014-08-01 00:00:00
WordPress 3.7.1 & 3.8.1 - Potential Authentication Cookie Forgery
2014-08-01 00:00:00
patchstack
patchstack
WordPress <= 3.8.1 - Privilege Escalation
2013-12-03 00:00:00
WordPress <= 3.8.1 - Multiple vulnerabilities
2013-12-03 00:00:00
cvelist
cvelist
CVE-2014-0165
2014-04-09 23:00:00
CVE-2014-0166
2014-04-09 23:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-04 00:00:00

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for MGASA-2014-0254
nessus5osv1openvas12debian5fedora7prion2cve2ubuntucve2debiancve2wpvulndb2patchstack2cvelist2securityvulns1