ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 3.8.1 - Multiple vulnerabilities

Product
WordPress
Description
The wp_validate_auth_cookie function in wp-includes/pluggable.php does not properly determine the validity of authentication cookies. In that way the attackers can obtain access via a forged cookie.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-0166
Versions
Affected In <= 3.8.1
Fixed In 3.8.2
Disclosure date
2013-12-03